Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2008-4907

Published: 04/11/2008 Updated: 08/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote malicious users to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."

Vulnerable Product Search on Vulmon Subscribe to Product

dovecot dovecot 1.1.4

dovecot dovecot 1.1.5

Vendor Advisories

Ubuntu Security Notice: dovecot vulnerability
It was discovered that certain email headers were not correctly handled by Dovecot If a remote attacker sent a specially crafted email to a user with a mailbox managed by Dovecot, that user’s mailbox would become inaccessible through Dovecot, leading to a denial of service ...

Exploits

Exploit DB: Dovecot 1.1.x - Invalid Message Address Parsing Denial of Service
source: wwwsecurityfocuscom/bid/31997/info Dovecot is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted email headers An attacker can exploit this issue to prevent recipients from accessing their mailboxes For an exploit to succeed, the IMAP client connecting to Dovecot must use the ...

References

CWE-20http://www.dovecot.org/list/dovecot-news/2008-October/000089.htmlhttp://www.securityfocus.com/bid/31997http://secunia.com/advisories/32479http://www.ubuntu.com/usn/usn-666-1http://secunia.com/advisories/32677http://secunia.com/advisories/33149http://security.gentoo.org/glsa/glsa-200812-16.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/46227https://usn.ubuntu.com/666-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/32551/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223CVE-2024-0044information disclosureCVE-2024-35753HTML injectionCVE-2024-21306CVE-2024-35733SQL injectionCVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook