dovecot: Multiple vulnerabilities (CVE-2020-10957, CVE-2020-10958, CVE-2020-10967)ID: oval:org.secpod.oval:def:1801786 | Date: (C)2020-12-23 (M)2023-11-10 |
Class: PATCH | Family: unix |
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
Platform: |
Alpine Linux 3.10 |
Alpine Linux 3.11 |
Alpine Linux 3.12 |
Alpine Linux 3.9 |
Alpine Linux 3.8 |