FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dovecot -- multiple vulnerabilities

Affected packages
dovecot < 2.3.9.3

Details

VuXML ID 74db0d02-b140-4c32-aac6-1f1e81e1ad30
Discovery 2020-01-14
Entry 2020-02-13

Aki Tuomi reports:

lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP (where it doesn't matter so much) and also for submission-login where unauthenticated users can trigger it.

[source]

Aki also reports:

Snippet generation crashes if: message is large enough that message-parser returns multiple body blocks The first block(s) don't contain the full snippet (e.g. full of whitespace) input ends with '>'

[source]

References

CVE Name CVE-2020-7046
CVE Name CVE-2020-7967
URL https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html
URL https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.