Vulnerability CVE-2020-12673: Information

Description

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-12673

Published: Aug. 12, 2020

Modified: Nov. 7, 2023

Error type identifier: CWE-125

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
dovecot	sisyphus	2.3.11.3-alt1	2.3.21-alt1	ALT-PU-2020-3376-1	262141	Fixed
dovecot	p10	2.3.11.3-alt1	2.3.21-alt1	ALT-PU-2020-3376-1	262141	Fixed
dovecot	p9	2.3.11.3-alt1	2.3.16-alt1	ALT-PU-2020-3453-1	262166	Fixed
dovecot	c10f1	2.3.11.3-alt1	2.3.19.1-alt2	ALT-PU-2020-3376-1	262141	Fixed
dovecot	c9f2	2.3.13-alt1	2.3.19.1-alt2	ALT-PU-2021-1205-1	264626	Fixed

Hyperlink	Resource
https://dovecot.org/security	Vendor Advisory
https://www.openwall.com/lists/oss-security/2020/08/12/2	Exploit Mailing List Third Party Advisory
DSA-4745	Third Party Advisory
[debian-lts-announce] 20200815 [SECURITY] [DLA 2328-1] dovecot security update	Third Party Advisory
USN-4456-1	Third Party Advisory
USN-4456-2	Third Party Advisory
openSUSE-SU-2020:1241	Broken Link
openSUSE-SU-2020:1262	Broken Link
GLSA-202009-02	Third Party Advisory
FEDORA-2020-cd8b8f887b
FEDORA-2020-b8ebc4201e
FEDORA-2020-d737c57172

Version: v24.4.2