In Dovecot prior to 2.2.36.4 and 2.3.x prior to 2.3.7.2 (and Pigeonhole prior to 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dovecot dovecot |
||
dovecot pigeonhole |
||
debian debian linux 8.0 |
||
fedoraproject fedora 30 |