CVE-2020-10967 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A security issue has been found in Dovecot before 2.3.10.1 in the lmtp/submission component. An authenticated attacker could send an e-mail via the submission service with empty quoted localpart which would cause the submission or lmtp component to crash. An unauthenticated attacker could send an e-mail with a bad sender or recipient address, causing the e-mail to be passed to LMTP for delivery and then crash the LMTP component unless some kind of filtering has been set up on the MTA level.
Group Package Affected Fixed Severity Status Ticket
AVG-1162 dovecot 2.3.10-2 2.3.10.1-1 High Fixed
Date Advisory Group Package Severity Description
19 May 2020 ASA-202005-9 AVG-1162 dovecot High multiple issues
References
https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
https://github.com/dovecot/core/commit/063462d588eaea6f266596fae5f5470792dcc98d
https://github.com/dovecot/core/commit/b34002a4ca301ed94cd944ee3504287ed7e58031
https://github.com/dovecot/core/commit/92d9690da195b6ceaa878ab1df6c7c31a75f63f8
https://github.com/dovecot/core/commit/cbab48f174580bfb8d49321d8d336f96a231b0cd