Rafi Rubin

**Name of the Vulnerable Software and Affected Versions** Dovecot versions prior to 2.2.36.4 Dovecot versions prior to 2.3.7.2 Pigeonhole versions prior to 0.5.7.2 **Description** The issue is related to the mishandling of '0' characters in protocol processing, which can lead to out-of-bounds writes and remote code execution. This can be exploited by a remote attacker to execute arbitrary code. The problem can be exploited before authentication. **Recommendations** For Dovecot versions prior to 2.2.36.4, update to version 2.2.36.4 or later. For Dovecot versions prior to 2.3.7.2, update to version 2.3.7.2 or later. For Pigeonhole versions prior to 0.5.7.2, update to version 0.5.7.2 or later. As a temporary workaround, consider restricting access to the IMAP and ManageSieve protocols until the issue is resolved.