5

CVE-2011-1929

lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DovecotDovecot Version1.2.0
DovecotDovecot Version1.2.1
DovecotDovecot Version1.2.2
DovecotDovecot Version1.2.3
DovecotDovecot Version1.2.4
DovecotDovecot Version1.2.5
DovecotDovecot Version1.2.6
DovecotDovecot Version1.2.7
DovecotDovecot Version1.2.8
DovecotDovecot Version1.2.9
DovecotDovecot Version1.2.10
DovecotDovecot Version1.2.11
DovecotDovecot Version1.2.12
DovecotDovecot Version1.2.13
DovecotDovecot Version1.2.14
DovecotDovecot Version1.2.15
DovecotDovecot Version1.2.16
DovecotDovecot Version2.0 Updatebeta1
DovecotDovecot Version2.0.0
DovecotDovecot Version2.0.1
DovecotDovecot Version2.0.2
DovecotDovecot Version2.0.3
DovecotDovecot Version2.0.4
DovecotDovecot Version2.0.5
DovecotDovecot Version2.0.6
DovecotDovecot Version2.0.7
DovecotDovecot Version2.0.8
DovecotDovecot Version2.0.9
DovecotDovecot Version2.0.10
DovecotDovecot Version2.0.11
DovecotDovecot Version2.0.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.25% 0.867
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://dovecot.org/pipermail/dovecot/2011-May/059085.html
Patch
http://dovecot.org/pipermail/dovecot/2011-May/059086.html
Patch
http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061384.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060815.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060825.html
http://openwall.com/lists/oss-security/2011/05/18/4
Patch
http://openwall.com/lists/oss-security/2011/05/19/3
Patch
http://openwall.com/lists/oss-security/2011/05/19/6
Patch
http://osvdb.org/72495
http://secunia.com/advisories/44683
http://secunia.com/advisories/44712
http://secunia.com/advisories/44756
http://secunia.com/advisories/44771
http://secunia.com/advisories/44827
http://www.debian.org/security/2011/dsa-2252
http://www.dovecot.org/doc/NEWS-1.2
http://www.dovecot.org/doc/NEWS-2.0
http://www.mandriva.com/security/advisories?name=MDVSA-2011:101
http://www.redhat.com/support/errata/RHSA-2011-1187.html
http://www.securityfocus.com/bid/47930
http://www.ubuntu.com/usn/USN-1143-1
https://bugzilla.redhat.com/show_bug.cgi?id=706286
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/67589
https://hermes.opensuse.org/messages/8581790