PT-2020-12449 · Dovecot+7

Philippe Antoine · Published 2020-05-18 · Updated 2025-01-30 · CVE-2020-10958

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.10.1

Description: A crafted SMTP/LMTP message can trigger an unauthenticated use-after-free bug in submission-login, submission, or lmtp, leading to a crash under circumstances involving many newlines after a command.

Recommendations: For versions prior to 2.3.10.1, update to version 2.3.10.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the submission-login, submission, or lmtp services to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2020:4763
ALT-PU-2020-1984
ALT-PU-2020-1989
CESA-2020_4763
CVE-2020-10958
DSA-4690-1
MGASA-2020-0222
OPENSUSE-SU-2020:0720-1
OPENSUSE-SU-2020_0720-1
OPENSUSE-SU-2024:10726-1
OPENSUSE-SU-2025:14715-1
RHSA-2020:4763
RHSA-2020_4763
SUSE-SU-2020:1379-1
SUSE-SU-2020:1380-1
USN-4361-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Dovecot
Linux Mint
Red Hat
SUSE
Ubuntu