Veracode Vulnerability DatabaseVERACODE:24700Denial Of Service (DoS)
EPSS
Percentile
95.2%
dovecot is vulnerable to denial of service. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user’s connection to crash, blocking them from downloading the message successfully and possibly leading to the corruption of their mailbox.
References
dovecot.org/pipermail/dovecot/2011-May/059085.html
dovecot.org/pipermail/dovecot/2011-May/059086.html
hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c
lists.fedoraproject.org/pipermail/package-announce/2011-June/061384.html
lists.fedoraproject.org/pipermail/package-announce/2011-May/060815.html
lists.fedoraproject.org/pipermail/package-announce/2011-May/060825.html
openwall.com/lists/oss-security/2011/05/18/4
openwall.com/lists/oss-security/2011/05/19/3
openwall.com/lists/oss-security/2011/05/19/6
osvdb.org/72495
secunia.com/advisories/44683
secunia.com/advisories/44712
secunia.com/advisories/44756
secunia.com/advisories/44771
secunia.com/advisories/44827
www.debian.org/security/2011/dsa-2252
www.dovecot.org/doc/NEWS-1.2
www.dovecot.org/doc/NEWS-2.0
www.mandriva.com/security/advisories?name=MDVSA-2011:101
www.redhat.com/support/errata/RHSA-2011-1187.html
www.securityfocus.com/bid/47930
www.ubuntu.com/usn/USN-1143-1
access.redhat.com/errata/RHSA-2011:1187
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=706286
exchange.xforce.ibmcloud.com/vulnerabilities/67589
hermes.opensuse.org/messages/8581790
Related
