|Type||Denial of service|
A security issue has been found in Dovecot before 18.104.22.168 in the lmtp/submission component. An authenticated attacker could send an e-mail via the submission service with empty quoted localpart which would cause the submission or lmtp component to crash. An unauthenticated attacker could send an e-mail with a bad sender or recipient address, causing the e-mail to be passed to LMTP for delivery and then crash the LMTP component unless some kind of filtering has been set up on the MTA level.
|19 May 2020||ASA-202005-9||AVG-1162||dovecot||High||multiple issues|