CVE-2019-11500 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Critical
Remote	Yes
Type	Arbitrary code execution
Description	IMAP and ManageSieve protocol parsers in Dovecot before 2.3.7.2 and Pigeonhole before 0.5.7.2 do not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1027	pigeonhole	0.5.7.1-1	0.5.7.2-1	Critical	Fixed
AVG-1026	dovecot	2.3.7.1-1	2.3.7.2-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
28 Aug 2019	ASA-201908-19	AVG-1027	pigeonhole	Critical	arbitrary code execution
28 Aug 2019	ASA-201908-18	AVG-1026	dovecot	Critical	arbitrary code execution

References
https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html https://github.com/dovecot/core/commit/85fcb895ca7f0bcb8ee72047fe0e1e78532ff90b https://github.com/dovecot/core/commit/f904cbdfec25582bc5e2a7435bf82ff769f2526a https://github.com/dovecot/pigeonhole/commit/7ce9990a5e6ba59e89b7fe1c07f574279aed922c https://github.com/dovecot/pigeonhole/commit/4a299840cdb51f61f8d1ebc0210b19c40dfbc1cc

References

https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html
https://github.com/dovecot/core/commit/85fcb895ca7f0bcb8ee72047fe0e1e78532ff90b
https://github.com/dovecot/core/commit/f904cbdfec25582bc5e2a7435bf82ff769f2526a
https://github.com/dovecot/pigeonhole/commit/7ce9990a5e6ba59e89b7fe1c07f574279aed922c
https://github.com/dovecot/pigeonhole/commit/4a299840cdb51f61f8d1ebc0210b19c40dfbc1cc