Back to search
CVE-2019-7524
Published: Mar 28, 2019
Modified: Aug 4, 2024
PUBLISHED
CVSS v3.0
8.8
HIGH
Description
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:C/UI:N
Attack Complexity
Low
Attack Vector
Local
Availability
High
Confidentiality
High
Integrity
High
Privileges Required
Low
Scope
Changed
User Interaction
None
References
https://dovecot.org/security.html
x_refsource_MISC
https://dovecot.org/list/dovecot-news/2019-March/000403.html
x_refsource_MISC
[oss-security] 20190328 CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
mailing-list
x_refsource_MLIST
20190328 [SECURITY] [DSA 4418-1] dovecot security update
mailing-list
x_refsource_BUGTRAQ
DSA-4418
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20190329 [SECURITY] [DLA 1736-1] dovecot security update
mailing-list
x_refsource_MLIST
USN-3928-1
vendor-advisory
x_refsource_UBUNTU
107672
vdb-entry
x_refsource_BID
openSUSE-SU-2019:1212
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1220
vendor-advisory
x_refsource_SUSE
GLSA-201904-19
vendor-advisory
x_refsource_GENTOO
FEDORA-2019-9e004decea
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-1b61a528dd
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now