CVE-2020-7957

CVSSv4: NA | CVSSv3: 5.3 | CVSSv2: 5 | VMScore: 630 | EPSS: 0.00248 | KEV: Not Included
Published: 12/02/2020 Updated: 21/11/2024

Vulnerability Summary

The IMAP and LMTP components in Dovecot 2.3.9 prior to 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages.

Vulnerable Product

dovecot dovecot

fedoraproject fedora 30

fedoraproject fedora 31

Vendor Advisories

A denial of service has been found in Dovecot before 2.3.9.3, where a specially crafted e-mail can cause a mailbox to have permanently inaccessible mail, or the e-mail itself can be stuck in delivery. This happens because the snippet generation crashes if a message is large enough that message-parser returns multiple body blocks, the first block(s ...

Mailing Lists

Open-Xchange Security Advisory 2020-02-12
Affected product: Dovecot Core
Internal reference: DOV-3743 (JIRA ID)
Vulnerability type: Improper Input Validation (CWE-30)
Vulnerable version: 2.3.9
Vulnerable component: lmtp, imap
Fixed version: 2.3.9.3
Report confidence: Confirmed
Solution status: Fixed
Researcher credits: Open-Xchange oy
Vendor notif ...