Dovecot: >> Dovecot >> 2.3.5.1 Security Vulnerabilities
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.
CVSS Score
7.5
EPSS Score
0.01
Published
2019-05-08
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
CVSS Score
7.5
EPSS Score
0.013
Published
2019-04-24
Page 4