CVE-2020-10967 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	A security issue has been found in Dovecot before 2.3.10.1 in the lmtp/submission component. An authenticated attacker could send an e-mail via the submission service with empty quoted localpart which would cause the submission or lmtp component to crash. An unauthenticated attacker could send an e-mail with a bad sender or recipient address, causing the e-mail to be passed to LMTP for delivery and then crash the LMTP component unless some kind of filtering has been set up on the MTA level.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1162	dovecot	2.3.10-2	2.3.10.1-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
19 May 2020	ASA-202005-9	AVG-1162	dovecot	High	multiple issues

References
https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html https://github.com/dovecot/core/commit/063462d588eaea6f266596fae5f5470792dcc98d https://github.com/dovecot/core/commit/b34002a4ca301ed94cd944ee3504287ed7e58031 https://github.com/dovecot/core/commit/92d9690da195b6ceaa878ab1df6c7c31a75f63f8 https://github.com/dovecot/core/commit/cbab48f174580bfb8d49321d8d336f96a231b0cd

References

https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
https://github.com/dovecot/core/commit/063462d588eaea6f266596fae5f5470792dcc98d
https://github.com/dovecot/core/commit/b34002a4ca301ed94cd944ee3504287ed7e58031
https://github.com/dovecot/core/commit/92d9690da195b6ceaa878ab1df6c7c31a75f63f8
https://github.com/dovecot/core/commit/cbab48f174580bfb8d49321d8d336f96a231b0cd