Published: 08/05/2019 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In the IMAP Server in Dovecot 2.3.3 up to and including 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dovecot dovecot
fedoraproject fedora 29
fedoraproject fedora 30
opensuse leap 15.0
opensuse leap 15.1

Debian Bug report logs - #928235 dovecot: CVE-2019-11494 CVE-2019-11499 Package: src:dovecot; Maintainer for src:dovecot is Dovecot Maintainers <dovecot@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 30 Apr 2019 14:03:02 UTC Severity: grave Tags: security, upstream Found in ve ...

Dovecot could be made to crash if it received specially crafted network traffic ...

Impact: Moderate Public Date: 2019-04-30 CWE: CWE-476 Bugzilla: 1709244: CVE-2019-11494 dovecot: premat ...

Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting This can lead to denial-of service attack by persistent attacker(s) ...

CWE-476 https://www.dovecot.org/security.html https://www.dovecot.org/download.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928235 https://usn.ubuntu.com/3961-1/https://nvd.nist.gov

CVE-2019-11494

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect