---

CVE-2019-11500 - log back

CVE-2019-11500 created at 25 Sep 2019 19:31:40
Severity	+ Critical
Remote	+ Remote
Type	+ Arbitrary code execution
Description	+ IMAP and ManageSieve protocol parsers in Dovecot before 2.3.7.2 and Pigeonhole before 0.5.7.2 do not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes.
References	+ https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html + https://github.com/dovecot/core/commit/85fcb895ca7f0bcb8ee72047fe0e1e78532ff90b + https://github.com/dovecot/core/commit/f904cbdfec25582bc5e2a7435bf82ff769f2526a + https://github.com/dovecot/pigeonhole/commit/7ce9990a5e6ba59e89b7fe1c07f574279aed922c + https://github.com/dovecot/pigeonhole/commit/4a299840cdb51f61f8d1ebc0210b19c40dfbc1cc
Notes