Lucene search

K

Ubuntu.comUB:CVE-2020-7957

HistoryFeb 12, 2020 - 12:00 a.m.

CVE-2020-7957

2020-02-1200:00:00

ubuntu.com

ubuntu.com

11

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.002

Percentile

52.3%

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle
snippet generation when many characters must be read to compute the snippet
and a trailing > character exists. This causes a denial of service in which
the recipient cannot read all of their messages.

Notes

Author	Note
mdeslaur	2.3.9 only introduced by 74063ed8219d055489d5233b0c02a59886d2078c

References

launchpad.net/bugs/cve/CVE-2020-7957

nvd.nist.gov/vuln/detail/CVE-2020-7957

security-tracker.debian.org/tracker/CVE-2020-7957

www.cve.org/CVERecord?id=CVE-2020-7957

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.002

Percentile

52.3%

Related for UB:CVE-2020-7957

prion1 nvd1 osv1 veracode1 debiancve1 redhatcve1 alpinelinux1 cvelist1 cve1 openvas3 nessus2 archlinux1 fedora2