DSA-4510-1 dovecot -- dovecotID: oval:org.secpod.oval:def:604511 | Date: (C)2020-10-09 (M)2023-12-20 |
Class: PATCH | Family: unix |
Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input . A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code.
Platform: |
Debian 10.x |
Debian 9.x |
Product: |
dovecot-auth-lua |
dovecot-pgsql |
dovecot-mysql |
dovecot-sieve |
dovecot-core |
dovecot-ldap |
dovecot-sqlite |
dovecot-dev |
dovecot-pop3d |
dovecot-imapd |
dovecot-managesieved |
dovecot-lucene |
dovecot-gssapi |
dovecot-solr |
dovecot-submissiond |
dovecot-lmtpd |
dovecot-dbg |