Vulnerability CVE-2020-10957: Information
Description
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
dovecot | sisyphus | 2.3.10.1-alt1 | 2.3.21-alt1 | ALT-PU-2020-1984-1 | 251997 | Fixed |
dovecot | p10 | 2.3.10.1-alt1 | 2.3.21-alt1 | ALT-PU-2020-1984-1 | 251997 | Fixed |
dovecot | p9 | 2.3.10.1-alt1 | 2.3.16-alt1 | ALT-PU-2020-1989-1 | 252013 | Fixed |
dovecot | c10f1 | 2.3.10.1-alt1 | 2.3.19.1-alt2 | ALT-PU-2020-1984-1 | 251997 | Fixed |
dovecot | c9f2 | 2.3.10.1-alt1 | 2.3.19.1-alt2 | ALT-PU-2020-1989-1 | 252013 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://dovecot.org/security | |
https://www.openwall.com/lists/oss-security/2020/05/18/1 | |
[oss-security] 20200518 Multiple vulnerabilities in Dovecot IMAP server | |
20200519 Multiple vulnerabilities in Dovecot IMAP server | |
http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html | |
DSA-4690 | |
USN-4361-1 | |
openSUSE-SU-2020:0720 | |
FEDORA-2020-1dee17d880 | |
FEDORA-2020-b60344c987 | |