Dovecot

Dovecot

69 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.66%
  • Veröffentlicht 04.01.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:17:50

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

  • EPSS 2.75%
  • Veröffentlicht 04.01.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:14:43

An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).

Exploit
  • EPSS 6.19%
  • Veröffentlicht 12.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:00:02

In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.

Exploit
  • EPSS 6.19%
  • Veröffentlicht 12.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:00:02

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.

Exploit
  • EPSS 5.22%
  • Veröffentlicht 12.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:14

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

Exploit
  • EPSS 8.15%
  • Veröffentlicht 18.05.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 04:56:28

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.

Exploit
  • EPSS 6.12%
  • Veröffentlicht 18.05.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:27

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.

Exploit
  • EPSS 7.17%
  • Veröffentlicht 18.05.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:27

In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.

Exploit
  • EPSS 1.88%
  • Veröffentlicht 12.02.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:38:05

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read a...

  • EPSS 51.26%
  • Veröffentlicht 12.02.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:36:33

lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.