CVSS: 5.9EPSS: 1%CPEs: 1EXPL: 1CVE-2020-10958 – dovecot: command followed by sufficient number of newlines leads to use-after-free
https://notcve.org/view.php?id=CVE-2020-10958
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. En Dovecot versiones anteriores a 2.3.10.1, un mensaje SMTP/LMTP diseñado desencadena un bug no autenticado de uso de la memoria previamente liberada en submission-login, submission, o lmtp, y puede conllevar a un bloqueo bajo circunstancias que impliquen muchas líneas nuevas después de un comando. Open-Xchange Dovecot versions 2.3.0 through 2.3.10 suffer from null pointer dereference and denial of service vulnerabilities. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00059.html http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html http://seclists.org/fulldisclosure/2020/May/37 http://www.openwall.com/lists/oss-security/2020/05/18/1 https://dovecot.org/security https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6 https://lists.fedoraproject.org/archives/list/package-announce&# • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2020-10957 – dovecot: malformed NOOP commands leads to DoS
https://notcve.org/view.php?id=CVE-2020-10957
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. En Dovecot versiones anteriores a 2.3.10.1, el envío no autenticado de parámetros malformados hacia un comando NOOP causa una Desreferencia del Puntero NULL y un bloqueo en submission-login o lmtp. A flaw was found in Dovecot, where it did not properly handle certain malformed NOOP commands. This flaw allows a malicious attacker to cause the submission, submission-login, or lmtp services to crash by sending specially crafted commands. Open-Xchange Dovecot versions 2.3.0 through 2.3.10 suffer from null pointer dereference and denial of service vulnerabilities. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00059.html http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html http://seclists.org/fulldisclosure/2020/May/37 http://www.openwall.com/lists/oss-security/2020/05/18/1 https://dovecot.org/security https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6 https://lists.fedoraproject.org/archives/list/package-announce&# • CWE-400: Uncontrolled Resource Consumption CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 2CVE-2020-7957
https://notcve.org/view.php?id=CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages. Los plugins IMAP y LMTP en Dovecot versiones 2.3.9 anteriores a 2.3.9.3, manejan inapropiadamente la generación de fragmentos cuando se deben leer muchos caracteres para calcular el fragmento y existe un carácter ) al final. Esto provoca una denegación de servicio en la que el destinatario no puede leer todos sus mensajes. • http://www.openwall.com/lists/oss-security/2020/02/12/2 https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html https://dovecot.org/security https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XYT55WH372BJOXCJRKBDIFGBMPVOIDT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJXHOUT3FH2DJNMACSX4GHPP4MUV4UKA • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7046
https://notcve.org/view.php?id=CVE-2020-7046
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop. lib-smtp en submit-login y lmtp en Dovecot versiones 2.3.9 anteriores a 2.3.9.3, maneja inapropiadamente los datos UTF-8 truncados en los parámetros de comando, como es demostrado por la activación no autenticada de un bucle infinito de login-login. • http://www.openwall.com/lists/oss-security/2020/02/12/1 https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html https://dovecot.org/security https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XYT55WH372BJOXCJRKBDIFGBMPVOIDT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJXHOUT3FH2DJNMACSX4GHPP4MUV4UKA • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19722
https://notcve.org/view.php?id=CVE-2019-19722
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient. En Dovecot versiones anteriores a 2.3.9.2, un atacante puede bloquear un controlador de notificación push con un correo electrónico diseñado cuando notificaciones push son usadas, debido a una desreferencia del puntero NULL. El correo electrónico debe usar una dirección de grupo como remitente o destinatario. • http://www.openwall.com/lists/oss-security/2019/12/13/3 https://dovecot.org/list/dovecot-news/2019-December/000428.html https://dovecot.org/pipermail/dovecot-news/2019-December/000428.html https://dovecot.org/security.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OZCJ3RBA4WIYGN7SOV4TW2AIHXPZATK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PPB7PG5BM3MC5ZF2KHQ3UR7CZIO42BB • CWE-476: NULL Pointer Dereference •