In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 , protocol processing can fail for quoted strings. This occurs because #039;\\0#039; characters are mishandled, and can lead to out-of-bounds writes and remote code execution.