FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mail/dovecot -- multiple vulnerabilities

Affected packages
dovecot < 2.3.11


VuXML ID 87a07de1-e55e-4d51-bb64-8d117829a26a
Discovery 2020-04-23
Entry 2020-08-13

Aki Tuomi reports:

Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory..

Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash

lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash.

Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on.


CVE Name CVE-2020-10967
CVE Name CVE-2020-12100
CVE Name CVE-2020-12673
CVE Name CVE-2020-12674