Vulnerability CVE-2019-11500: Information
Description
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2019/08/28/3 |
|
https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html |
|
https://www.dovecot.org/security.html |
|
[debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update |
|
GLSA-201908-29 |
|
RHSA-2019:2822 | |
RHSA-2019:2836 | |
RHSA-2019:2885 | |
openSUSE-SU-2019:2281 | |
openSUSE-SU-2019:2278 | |
FEDORA-2019-3844281be1 | |
FEDORA-2019-59d60bd1fa | |
FEDORA-2019-ea638fb605 |