CVE-2019-19722

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.3.9.2

Description The issue allows an attacker to crash a push-notification driver with a crafted email when push notifications are used, due to a NULL Pointer Dereference. This can be achieved by using a group address as either the sender or the recipient in the email.

Recommendations For versions prior to 2.3.9.2, update to version 2.3.9.2 or later to resolve the issue. As a temporary workaround, consider disabling push notifications until a patch is available. Restrict access to the push-notification driver to minimize the risk of exploitation.