Vulnerability CVE-2020-12673: Information
Description
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
dovecot | sisyphus | 2.3.11.3-alt1 | 2.3.21-alt1 | ALT-PU-2020-3376-1 | 262141 | Fixed |
dovecot | p10 | 2.3.11.3-alt1 | 2.3.21-alt1 | ALT-PU-2020-3376-1 | 262141 | Fixed |
dovecot | p9 | 2.3.11.3-alt1 | 2.3.16-alt1 | ALT-PU-2020-3453-1 | 262166 | Fixed |
dovecot | c10f1 | 2.3.11.3-alt1 | 2.3.19.1-alt2 | ALT-PU-2020-3376-1 | 262141 | Fixed |
dovecot | c9f2 | 2.3.13-alt1 | 2.3.19.1-alt2 | ALT-PU-2021-1205-1 | 264626 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://dovecot.org/security | |
https://www.openwall.com/lists/oss-security/2020/08/12/2 | |
DSA-4745 | |
[debian-lts-announce] 20200815 [SECURITY] [DLA 2328-1] dovecot security update | |
USN-4456-1 | |
USN-4456-2 | |
openSUSE-SU-2020:1241 | |
openSUSE-SU-2020:1262 | |
GLSA-202009-02 | |
FEDORA-2020-cd8b8f887b | |
FEDORA-2020-b8ebc4201e | |
FEDORA-2020-d737c57172 | |