CVE-2020-10957 log

Severity High
Remote Yes
Type Denial of service
A NULL-pointer dereference issue has been found in Dovecot before in the lmtp/submission component. A client can crash the server by sending a NOOP command with an invalid string parameter. This occurs particularly for a parameter that doesn't start with a double quote. This applies to all SMTP services, including submission-login, which makes it possible to crash the submission service without authentication.
Group Package Affected Fixed Severity Status Ticket
AVG-1162 dovecot 2.3.10-2 High Fixed
Date Advisory Group Package Severity Type
19 May 2020 ASA-202005-9 AVG-1162 dovecot High multiple issues