<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
CVE-2020-25275: Dovecot: MIME parsing crash
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Aki Tuomi <aki.tuomi () dovecot fi>
Date: Mon, 4 Jan 2021 14:03:19 +0200
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Open-Xchange Security Advisory 2021-01-04
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4113 (Bug ID)
Vulnerability type: CWE-20: Improper Input Validation
Vulnerable version: 2.3.11-2.3.11.3
Vulnerable component: lda, lmtp, imap
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.13
Vendor notification: 2020-09-10
Solution date: 2020-09-14
Public disclosure: 2021-01-04
CVE reference: CVE-2020-25275
CVSS: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Researcher credit: Innokentii Sennovskiy (Rumata888) from BI.ZONE
Vulnerability Details:
Mail delivery / parsing crashed when the 10 000th MIME part was
message/rfc822 (or if parent was multipart/digest). This happened
due to earlier MIME parsing changes for CVE-2020-12100.
Risk:
Malicious sender can crash dovecot repeatedly by sending / uploading
message with more than 10 000 MIME parts.
Workaround:
These are usually dropped by MTA, where the mitigation can also be applied.
Solution:
Operators should update to 2.3.13 or later version.
Attachment:
signature.asc
Description: OpenPGP digital signature
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
CVE-2020-25275: Dovecot: MIME parsing crash Aki Tuomi (Jan 04)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->