0.009 Low
EPSS
Percentile
82.7%
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
bugzilla.redhat.com/show_bug.cgi?id=1834323
dovecot.org/pipermail/dovecot-news/2020-May/000438.html
nvd.nist.gov/vuln/detail/CVE-2020-10958
www.cve.org/CVERecord?id=CVE-2020-10958