5
CVE-2011-1929
- EPSS 3.25%
- Veröffentlicht 24.05.2011 23:55:04
- Zuletzt bearbeitet 16.06.2026 23:30:24
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.25% | 0.867 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://dovecot.org/pipermail/dovecot/2011-May/059085.html
http://dovecot.org/pipermail/dovecot/2011-May/059086.html
http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061384.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060815.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060825.html
http://openwall.com/lists/oss-security/2011/05/18/4
http://openwall.com/lists/oss-security/2011/05/19/3
http://openwall.com/lists/oss-security/2011/05/19/6
http://osvdb.org/72495
http://secunia.com/advisories/44683
http://secunia.com/advisories/44712
http://secunia.com/advisories/44756
http://secunia.com/advisories/44771
http://secunia.com/advisories/44827
http://www.debian.org/security/2011/dsa-2252
http://www.dovecot.org/doc/NEWS-1.2
http://www.dovecot.org/doc/NEWS-2.0
http://www.mandriva.com/security/advisories?name=MDVSA-2011:101
http://www.redhat.com/support/errata/RHSA-2011-1187.html
http://www.securityfocus.com/bid/47930
http://www.ubuntu.com/usn/USN-1143-1
https://bugzilla.redhat.com/show_bug.cgi?id=706286
https://exchange.xforce.ibmcloud.com/vulnerabilities/67589
https://hermes.opensuse.org/messages/8581790