Dovecot : Security Vulnerabilities, CVEs, (Code Execution)
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Max CVSS: 9.8
EPSS Score: 61.39%
Published: 2019-08-29
Updated: 2019-09-06
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
Max CVSS: 7.5
EPSS Score: 1.91%
Published: 2009-09-17
Updated: 2017-09-19
2 vulnerabilities found