CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
96.1%
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the
FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause
a denial of service (persistent crash) via an email with a malformed From
address, which triggers an assertion error, aka “invalid message address
parsing bug.”