PT-2020-5172 · Dovecot+6 · Dovecot+6

Published

2020-08-12

·

Updated

2025-01-30

·

CVE-2020-12100

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.3.11.3
Description The issue is caused by uncontrolled recursion in submission, lmtp, and lda, allowing remote attackers to cause a denial of service via a crafted e-mail message with deeply nested MIME parts.
Recommendations For versions prior to 2.3.11.3, update to version 2.3.11.3 or later to resolve the issue. As a temporary workaround, consider restricting the size of incoming e-mail messages to prevent deeply nested MIME parts from causing uncontrolled recursion.

Exploit

Fix

DoS

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

ALT-PU-2020-3376
ALT-PU-2020-3453
ALT-PU-2021-1205
BDU:2020-05783
CESA-2020_3617
CESA-2020_3713
CVE-2020-12100
DLA-2328-1
DSA-4745-1
DSA-4825-1
MGASA-2020-0330
OPENSUSE-SU-2021:0026-1
OPENSUSE-SU-2021:0072-1
OPENSUSE-SU-2021_0026-1
OPENSUSE-SU-2021_0072-1
OPENSUSE-SU-2024:10726-1
OPENSUSE-SU-2025:14715-1
RHSA-2020:3617
RHSA-2020:3713
RHSA-2020:3735
RHSA-2020:3736
RHSA-2020_3617
RHSA-2020_3713
SUSE-SU-2021:0027-1
SUSE-SU-2021:0028-1
SUSE-SU-2021:0029-1
SUSE-SU-2021_0027-1
SUSE-SU-2021_0028-1
SUSE-SU-2021_0029-1
USN-4456-1
USN-4456-2

Affected Products

Alt Linux
Centos
Dovecot
Linuxmint
Red Hat
Suse
Ubuntu