CVE-2019-11500
Published: Aug 29, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://www.dovecot.org/security.html
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2019/08/28/3
x_refsource_CONFIRM
https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html
x_refsource_CONFIRM
[debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update
mailing-list
x_refsource_MLIST
FEDORA-2019-3844281be1
vendor-advisory
x_refsource_FEDORA
GLSA-201908-29
vendor-advisory
x_refsource_GENTOO
FEDORA-2019-59d60bd1fa
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-ea638fb605
vendor-advisory
x_refsource_FEDORA
RHSA-2019:2822
vendor-advisory
x_refsource_REDHAT
RHSA-2019:2836
vendor-advisory
x_refsource_REDHAT
RHSA-2019:2885
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2019:2281
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:2278
vendor-advisory
x_refsource_SUSE