CVE-2020-10957 - log

CVE-2020-10957 edited at 18 May 2020 14:00:45
Description
- A security issue has been found in Dovecot before 2.3.10.1 in the lmtp/submission component. A client can crash the server by sending a NOOP command with an invalid string parameter. This occurs particularly for a parameter that doesn't start with a double quote. This applies to all SMTP services, including submission-login, which makes it possible to crash the submission service without authentication.
+ A NULL-pointer dereference issue has been found in Dovecot before 2.3.10.1 in the lmtp/submission component. A client can crash the server by sending a NOOP command with an invalid string parameter. This occurs particularly for a parameter that doesn't start with a double quote. This applies to all SMTP services, including submission-login, which makes it possible to crash the submission service without authentication.
CVE-2020-10957 edited at 18 May 2020 13:59:53
References
- https://dovecot.org/pipermail/dovecot-news/2020-May/000437.html
+ https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
https://github.com/dovecot/core/commit/d143ca6b7ee1196ae3eafffbf6dee71a95a5e0b8
https://github.com/dovecot/core/commit/606724bd528b92347dce580d3ab48fc1e3c2f4d7
https://github.com/dovecot/core/commit/aedb205c79395de77127fb7166b29b09319df23c
https://github.com/dovecot/core/commit/874817b169d19a4ae51d80ad5798a396bfe90136
https://github.com/dovecot/core/commit/5efeccc10beccbf8d7700adec1278f97d416cbc6
CVE-2020-10957 edited at 18 May 2020 13:55:57
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A security issue has been found in Dovecot before 2.3.10.1 in the lmtp/submission component. A client can crash the server by sending a NOOP command with an invalid string parameter. This occurs particularly for a parameter that doesn't start with a double quote. This applies to all SMTP services, including submission-login, which makes it possible to crash the submission service without authentication.
References
+ https://dovecot.org/pipermail/dovecot-news/2020-May/000437.html
+ https://github.com/dovecot/core/commit/d143ca6b7ee1196ae3eafffbf6dee71a95a5e0b8
+ https://github.com/dovecot/core/commit/606724bd528b92347dce580d3ab48fc1e3c2f4d7
+ https://github.com/dovecot/core/commit/aedb205c79395de77127fb7166b29b09319df23c
+ https://github.com/dovecot/core/commit/874817b169d19a4ae51d80ad5798a396bfe90136
+ https://github.com/dovecot/core/commit/5efeccc10beccbf8d7700adec1278f97d416cbc6
Notes
CVE-2020-10957 created at 18 May 2020 13:38:06