Dovecot: >> Dovecot >> 2.3.11.2 Security Vulnerabilities
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
CVSS Score
6.8
EPSS Score
0.022
Published
2021-01-04
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
CVSS Score
7.5
EPSS Score
0.034
Published
2021-01-04
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
CVSS Score
7.5
EPSS Score
0.196
Published
2020-08-12
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
CVSS Score
7.5
EPSS Score
0.056
Published
2020-08-12
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
CVSS Score
7.5
EPSS Score
0.258
Published
2020-08-12
Page 3