CVE-2020-10958 - log

CVE-2020-10958 edited at 20 May 2020 15:50:05
Severity
- Critical
+ High
CVE-2020-10958 edited at 18 May 2020 13:59:49
References
- https://dovecot.org/pipermail/dovecot-news/2020-May/000437.html
+ https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
https://github.com/dovecot/core/commit/2b4f1e47a4ca8a192bf3f7e944c0ad07b21b2ed1
https://github.com/dovecot/core/commit/563bf21d8228a3c06c63b3f289a90ca3d0c579a4
https://github.com/dovecot/core/commit/18d5837748d3eafe56e080653d5ed0b3e221be0b
CVE-2020-10958 edited at 18 May 2020 13:58:03
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A security issue has been found in Dovecot before 2.3.10.1 in the lmtp/submission component. Sending many invalid or unknown commands can cause the server to access freed memory, which can lead to a server crash. This happens when the server closes the connection with a "421 Too many invalid commands" error. The bad command limit depends on the service (lmtp or submission) and varies between 10 and 20 bad commands.
References
+ https://dovecot.org/pipermail/dovecot-news/2020-May/000437.html
+ https://github.com/dovecot/core/commit/2b4f1e47a4ca8a192bf3f7e944c0ad07b21b2ed1
+ https://github.com/dovecot/core/commit/563bf21d8228a3c06c63b3f289a90ca3d0c579a4
+ https://github.com/dovecot/core/commit/18d5837748d3eafe56e080653d5ed0b3e221be0b
Notes
CVE-2020-10958 created at 18 May 2020 13:38:06