CVE-2020-10957

Published: 18/05/2020 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In Dovecot prior to 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dovecot dovecot

Synopsis Important: dovecot security update Type/Severity Security Advisory: Important Topic An update for dovecot is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...

Several security issues were fixed in Dovecot ...

Debian Bug report logs - #960963 dovecot: CVE-2020-10957 CVE-2020-10958 CVE-2020-10967 Package: src:dovecot; Maintainer for src:dovecot is Dovecot Maintainers <dovecot@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 18 May 2020 19:45:06 UTC Severity: grave Tags: security, upstre ...

Several vulnerabilities were discovered in the Dovecot email server, which could cause crashes in the submission, submission-login or lmtp services, resulting in denial of service For the stable distribution (buster), these problems have been fixed in version 1:2341-5+deb10u2 We recommend that you upgrade your dovecot packages For the detaile ...

A NULL-pointer dereference issue has been found in Dovecot before 23101 in the lmtp/submission component A client can crash the server by sending a NOOP command with an invalid string parameter This occurs particularly for a parameter that doesn't start with a double quote This applies to all SMTP services, including submission-login, which m ...

Open-Xchange Dovecot versions 230 through 2310 suffer from null pointer dereference and denial of service vulnerabilities ...

Dear subscribers, we are sending notifications for three vulnerabilities, - CVE-2020-10957 - CVE-2020-10958 - CVE-2020-10967 Please find them below --- Aki Tuomi Open-Xchange Oy ------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL poin ...

CWE-476 https://dovecot.org/security https://www.openwall.com/lists/oss-security/2020/05/18/1 http://www.openwall.com/lists/oss-security/2020/05/18/1 http://seclists.org/fulldisclosure/2020/May/37 http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html https://www.debian.org/security/2020/dsa-4690 https://usn.ubuntu.com/4361-1/http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00059.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWHUUAFPC6XGIXYFIPTNBXLHPNM4W6/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6/https://access.redhat.com/errata/RHSA-2020:2901 https://usn.ubuntu.com/4361-1/https://nvd.nist.gov

CVE-2020-10957

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect