CVE-2020-10957

high

Description

In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.

References

Advisories
More

https://www.openwall.com/lists/oss-security/2020/05/18/1

https://www.debian.org/security/2020/dsa-4690

https://usn.ubuntu.com/4361-1/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWHUUAFPC6XGIXYFIPTNBXLHPNM4W6/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6/

http://www.openwall.com/lists/oss-security/2020/05/18/1

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00059.html

https://dovecot.org/security

http://seclists.org/fulldisclosure/2020/May/37

http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html

Details

Source: Mitre, NVD

Published: 2020-05-18

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.15616

Detections

Analytics