Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Dovecot < 2.2.36.4 and < 2.3.7.2 Heap Overflow Vulnerability

Information

Severity

Severity

High

Family

Family

General

CVSSv2 Base

CVSSv2 Base

7.6

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

4 years ago

Modified

Modified

4 years ago

Share

Summary

Dovecot is prone to an unauthenticated heap out of bounds heap memory write vulnerability.

Insight

Insight

This vulnerability allows for out-of-bounds writes to objects stored on the heap up to 8096 bytes in pre-login phase, and 65536 bytes post-login phase, allowing sufficiently skilled attacker to perform complicated attacks that can lead to leaking private information or remote code execution. Abuse of this bug is very difficult to observe, as it does not necessarily cause a crash. Attempts to abuse this bug are not directly evident from logs.

Affected Software

Affected Software

Dovecot prior to version 2.2.36.4 and 2.3.x prior to version 2.3.7.2.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update to version 2.2.36.4, 2.3.7.2 or later.

Common Vulnerabilities and Exposures (CVE)

References