CVE-2020-10958 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
A security issue has been found in Dovecot before 2.3.10.1 in the lmtp/submission component. Sending many invalid or unknown commands can cause the server to access freed memory, which can lead to a server crash. This happens when the server closes the connection with a "421 Too many invalid commands" error. The bad command limit depends on the service (lmtp or submission) and varies between 10 to 20 bad commands.
Group Package Affected Fixed Severity Status Ticket
AVG-1162 dovecot 2.3.10-2 2.3.10.1-1 High Fixed
Date Advisory Group Package Severity Description
19 May 2020 ASA-202005-9 AVG-1162 dovecot High multiple issues
References
https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
https://github.com/dovecot/core/commit/2b4f1e47a4ca8a192bf3f7e944c0ad07b21b2ed1
https://github.com/dovecot/core/commit/563bf21d8228a3c06c63b3f289a90ca3d0c579a4
https://github.com/dovecot/core/commit/18d5837748d3eafe56e080653d5ed0b3e221be0b