CVE-2020-12100

2020-08-1200:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.036 Low

EPSS

Percentile

91.7%

JSON

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and
lda allows remote attackers to cause a denial of service (resource
consumption) via a crafted e-mail message with deeply nested MIME parts.

Notes

Author	Note
leosilva	marking precise as ignored since we won’t fix it version in that release is quite old and the backports could possibly cause serious regressions.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchdovecot< 1:2.2.33.2-1ubuntu4.6UNKNOWN
ubuntu20.04noarchdovecot< 1:2.3.7.2-1ubuntu3.2UNKNOWN
ubuntu14.04noarchdovecot< 1:2.2.9-1ubuntu2.6+esm3UNKNOWN
ubuntu16.04noarchdovecot< 1:2.2.22-1ubuntu2.13UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	dovecot	< 1:2.2.33.2-1ubuntu4.6	UNKNOWN
ubuntu	20.04	noarch	dovecot	< 1:2.3.7.2-1ubuntu3.2	UNKNOWN
ubuntu	14.04	noarch	dovecot	< 1:2.2.9-1ubuntu2.6+esm3	UNKNOWN
ubuntu	16.04	noarch	dovecot	< 1:2.2.22-1ubuntu2.13	UNKNOWN