CVE-2019-7524

Synopsis Moderate: dovecot security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for dovecot is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ba ...

Dovecot could be made to crash or run programs as an administrator if it opened a specially crafted file ...

A vulnerability was discovered in the Dovecot email server When reading FTS or POP3-UIDL headers from the Dovecot index, the input buffer size is not bounds-checked An attacker with the ability to modify dovecot indexes, can take advantage of this flaw for privilege escalation or the execution of arbitrary code with the permissions of the dovecot ...

In Dovecot before 22363 and 23x before 2351, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root This occurs because of missing checks in the fts and pop3-uidl components (CVE-2019-7524) It was discovered that Dovecot before versions 22361 and 2341 incorrectly handled clie ...

In Dovecot before 22363 and 23x before 2351, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root This occurs because of missing checks in the fts and pop3-uidl components (CVE-2019-7524) It was discovered that Dovecot before versions 22361 and 2341 incorrectly handled clie ...

Impact: Moderate Public Date: 2019-03-28 CWE: CWE-120->CWE-284 Bugzilla: 1696152: CVE-2019-7524 dove ...

A stack-based buffer overflow has been found in Dovecot versions prior to 2351 When reading FTS or POP3-UIDL header from dovecot index, the input buffer size is not bound, and data is copied to target structure causing stack overflow This can be used for local root privilege escalation or executing arbitrary code in dovecot process context Th ...