Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Dovecot 2.3.0 < 2.3.10 Multiple Vulnerabilities

Information

Severity

Severity

High

Family

Family

General

CVSSv2 Base

CVSSv2 Base

7.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

3 years ago

Modified

Modified

3 years ago

Share

Summary

Dovecot is prone to multiple vulnerabilities.

Insight

Insight

Dovecot is prone to multiple vulnerabilities: - Unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. (CVE-2020-10957) - A crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. (CVE-2020-10958) - remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. (CVE-2020-10967)

Affected Software

Affected Software

Dovecot versions 2.3.0 - 2.3.10.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update to version 2.3.10.1 or later.

Common Vulnerabilities and Exposures (CVE)

References