Denial Of Service (DoS)

2020-08-0621:34:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.009 Low

EPSS

Percentile

82.7%

JSON

Dovecot is vulnerable to denial of service. A malicious SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under when there are multiple newlines after a command.

CPENameOperatorVersion
dovecot:3.10eq2.3.7.2-r0
dovecoteq2.3.7.2-r1
dovecot:3.11eq2.3.9.2-r0
dovecoteq2.3.8__2.el8
dovecoteq2.3.8__2.el8_2.1
dovecoteq2.2.36__10.el8
dovecoteq2.3.8__3.el8
dovecoteq2.2.36__5.el8
dovecoteq2.2.36__5.el8_0.1
dovecot:edgeeq2.3.9.3-r0

Name	Operator	Version
dovecot:3.10	eq	2.3.7.2-r0
dovecot	eq	2.3.7.2-r1
dovecot:3.11	eq	2.3.9.2-r0
dovecot	eq	2.3.8__2.el8
dovecot	eq	2.3.8__2.el8_2.1
dovecot	eq	2.2.36__10.el8
dovecot	eq	2.3.8__3.el8
dovecot	eq	2.2.36__5.el8
dovecot	eq	2.2.36__5.el8_0.1
dovecot:edge	eq	2.3.9.3-r0