Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2020-7046

A denial of service has been found in Dovecot before 2.3.9.3, where lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP (where it doesn't matter so much) and also for submission-login where unauthenticated users can trigger it.

Source

Severity Medium

Remote Yes

Type Denial of service

Description

A denial of service has been found in Dovecot before 2.3.9.3, where lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP (where it doesn't matter so much) and also for submission-login where unauthenticated users can trigger it.

AVG-1097 dovecot 2.3.9.2-1 2.3.9.3-1 Medium Fixed

https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vulmon Search

About

Products

Connect