[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-4907

Date: (C)2008-11-03   (M)2017-08-08 


The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."

CVSS Score: 4.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL





Reference:
BID-31997
SECUNIA-32479
SECUNIA-32677
SECUNIA-33149
GLSA-200812-16
USN-666-1
http://www.dovecot.org/list/dovecot-news/2008-October/000089.html
dovecot-mail-header-dos(46227)

CWE    1
CWE-20

© 2013 SecPod Technologies