ALT-PU-2019-2570-1
Closed vulnerabilities
Published: 2019-08-28
BDU:2019-03214
Уязвимость агента доставки электронной почты Dovecot, связанная с возможностью записи за пределами границ памяти, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-08-29
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-11500
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2019:2278
- openSUSE-SU-2019:2278
- openSUSE-SU-2019:2281
- openSUSE-SU-2019:2281
- http://www.openwall.com/lists/oss-security/2019/08/28/3
- http://www.openwall.com/lists/oss-security/2019/08/28/3
- RHSA-2019:2822
- RHSA-2019:2822
- RHSA-2019:2836
- RHSA-2019:2836
- RHSA-2019:2885
- RHSA-2019:2885
- https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html
- https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html
- [debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update
- [debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update
- FEDORA-2019-3844281be1
- FEDORA-2019-3844281be1
- FEDORA-2019-59d60bd1fa
- FEDORA-2019-59d60bd1fa
- FEDORA-2019-ea638fb605
- FEDORA-2019-ea638fb605
- GLSA-201908-29
- GLSA-201908-29
- https://www.dovecot.org/security.html
- https://www.dovecot.org/security.html