Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 prior to 1.0.4 and 1.1 prior to 1.1.7, as derived from Cyrus libsieve, allow context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dovecot dovecot 1.0.2 |
||
dovecot dovecot 1.0.3 |
||
dovecot dovecot 1.1.5 |
||
dovecot dovecot 1.1.6 |
||
dovecot dovecot 1.0.1 |
||
dovecot dovecot 1.1.1 |
||
dovecot dovecot 1.1.2 |
||
dovecot dovecot 1.1 |
||
dovecot dovecot 1.1.0 |
||
dovecot dovecot 1.0 |
||
dovecot dovecot 1.1.3 |
||
dovecot dovecot 1.1.4 |