[3.9] dovecot: Mishandling invalid UTF-8 characters by JSON encoder leading to possible DoS attack (CVE-2019-10691)
ID: oval:org.secpod.oval:def:1801471 | Date: (C)2019-06-27 (M)2023-11-10 |
Class: PATCH | Family: unix |
The JSON encoder in Dovecot 2.3 incorrectly assert-crashes when it encounters invalid UTF-8 characters. An attacker can repeatedly crash the Dovecot authentication process by logging in with an invalid UTF-8 sequence in the username. A crash can also occur if the OX push notification driver is enabled and an email is delivered with an invalid UTF-8 sequence in the From or Subject header.
Fixed in version: dovecot 2.3.5.2
Platform: Alpine Linux 3.9 |