|Type||Denial of service|
A NULL-pointer dereference issue has been found in Dovecot before 18.104.22.168 in the lmtp/submission component. A client can crash the server by sending a NOOP command with an invalid string parameter. This occurs particularly for a parameter that doesn't start with a double quote. This applies to all SMTP services, including submission-login, which makes it possible to crash the submission service without authentication.
|19 May 2020||ASA-202005-9||AVG-1162||dovecot||High||multiple issues|