CVE-2020-10957 log
Source |
|
Severity | High |
Remote | Yes |
Type | Denial of service |
Description | A NULL-pointer dereference issue has been found in Dovecot before 2.3.10.1 in the lmtp/submission component. A client can crash the server by sending a NOOP command with an invalid string parameter. This occurs particularly for a parameter that doesn't start with a double quote. This applies to all SMTP services, including submission-login, which makes it possible to crash the submission service without authentication. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1162 | dovecot | 2.3.10-2 | 2.3.10.1-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
19 May 2020 | ASA-202005-9 | AVG-1162 | dovecot | High | multiple issues |