CVSS: 7.5EPSS: 15%CPEs: 1EXPL: 2CVE-2020-10957 – dovecot: malformed NOOP commands leads to DoS
https://notcve.org/view.php?id=CVE-2020-10957
18 May 2020 — In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. En Dovecot versiones anteriores a 2.3.10.1, el envío no autenticado de parámetros malformados hacia un comando NOOP causa una Desreferencia del Puntero NULL y un bloqueo en submission-login o lmtp. A flaw was found in Dovecot, where it did not properly handle certain malformed NOOP commands. This flaw allows a malicious attacker t... • https://packetstorm.news/files/id/157771 • CWE-400: Uncontrolled Resource Consumption CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 2CVE-2020-7957
https://notcve.org/view.php?id=CVE-2020-7957
12 Feb 2020 — The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages. Los plugins IMAP y LMTP en Dovecot versiones 2.3.9 anteriores a 2.3.9.3, manejan inapropiadamente la generación de fragmentos cuando se deben leer muchos caracteres para calcular el fragmento y existe un carácter ) al final. Esto provoca un... • http://www.openwall.com/lists/oss-security/2020/02/12/2 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7046
https://notcve.org/view.php?id=CVE-2020-7046
12 Feb 2020 — lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop. lib-smtp en submit-login y lmtp en Dovecot versiones 2.3.9 anteriores a 2.3.9.3, maneja inapropiadamente los datos UTF-8 truncados en los parámetros de comando, como es demostrado por la activación no autenticada de un bucle infinito de login-login. • http://www.openwall.com/lists/oss-security/2020/02/12/1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2019-19722
https://notcve.org/view.php?id=CVE-2019-19722
13 Dec 2019 — In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient. En Dovecot versiones anteriores a 2.3.9.2, un atacante puede bloquear un controlador de notificación push con un correo electrónico diseñado cuando notificaciones push son usadas, debido a una desreferencia del puntero NULL. El correo electrónico debe usar una direcci... • http://www.openwall.com/lists/oss-security/2019/12/13/3 • CWE-476: NULL Pointer Dereference •