CVE-2020-10958 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	A security issue has been found in Dovecot before 2.3.10.1 in the lmtp/submission component. Sending many invalid or unknown commands can cause the server to access freed memory, which can lead to a server crash. This happens when the server closes the connection with a "421 Too many invalid commands" error. The bad command limit depends on the service (lmtp or submission) and varies between 10 to 20 bad commands.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1162	dovecot	2.3.10-2	2.3.10.1-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
19 May 2020	ASA-202005-9	AVG-1162	dovecot	High	multiple issues

References
https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html https://github.com/dovecot/core/commit/2b4f1e47a4ca8a192bf3f7e944c0ad07b21b2ed1 https://github.com/dovecot/core/commit/563bf21d8228a3c06c63b3f289a90ca3d0c579a4 https://github.com/dovecot/core/commit/18d5837748d3eafe56e080653d5ed0b3e221be0b

References

https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
https://github.com/dovecot/core/commit/2b4f1e47a4ca8a192bf3f7e944c0ad07b21b2ed1
https://github.com/dovecot/core/commit/563bf21d8228a3c06c63b3f289a90ca3d0c579a4
https://github.com/dovecot/core/commit/18d5837748d3eafe56e080653d5ed0b3e221be0b