In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
Max CVSS
7.5
EPSS Score
0.31%
Published
2020-08-12
Updated
2023-02-03
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
Max CVSS
7.5
EPSS Score
0.69%
Published
2020-08-12
Updated
2023-02-03
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
Max CVSS
7.5
EPSS Score
3.75%
Published
2020-08-12
Updated
2022-10-29
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
Max CVSS
5.3
EPSS Score
3.31%
Published
2020-05-18
Updated
2020-10-13
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
Max CVSS
5.3
EPSS Score
0.78%
Published
2020-05-18
Updated
2020-05-28
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
Max CVSS
7.5
EPSS Score
0.91%
Published
2020-05-18
Updated
2020-05-28
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages.
Max CVSS
5.3
EPSS Score
0.16%
Published
2020-02-12
Updated
2022-01-01
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.
Max CVSS
7.8
EPSS Score
0.51%
Published
2020-02-12
Updated
2021-12-30
8 vulnerabilities found