PT-2020-5857 · Dovecot+7
Innokentii Sennovskiy · Published 2020-09-11 · Updated 2022-09-02
CVE-2020-25275
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Dovecot versions prior to 2.3.13
Description:
The issue is insufficient input validation in the lda, lmtp, and imap components of the Dovecot mail server. A remote attacker can cause a denial of service: a crafted email message with certain choices for ten thousand MIME parts leads to an application crash.
Recommendations:
For versions prior to 2.3.13, update to version 2.3.13 or later to resolve the issue. As a temporary workaround, consider restricting the use of the lda, lmtp, and imap components until a patch is applied. Avoid processing crafted email messages with excessive MIME parts in the affected components.
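As an added illustration of the last recommendation (this is not code from Dovecot or from this advisory), the sketch below counts MIME body parts by scanning delimiter lines, so a gateway can hold an oversized message before it reaches lda or lmtp. The `MAX_PARTS` threshold, the function names and the sample message are assumptions made for the example; the check does not replace the update to 2.3.13.

```python
import re

# Assumed policy threshold for this example; the advisory only says the crash
# involves messages with ten thousand MIME parts.
MAX_PARTS = 1000

# boundary="quoted value" or boundary=token, as written in a Content-Type header
_BOUNDARY_RE = re.compile(rb'boundary\s*=\s*(?:"([^"]+)"|([^\s;"]+))', re.I)


def count_mime_parts(raw: bytes) -> int:
    """Count body parts by scanning delimiter lines, without building a MIME tree."""
    # Unfold continuation lines so a boundary= parameter on a folded header is found.
    unfolded = re.sub(rb"\r?\n[ \t]+", b" ", raw)
    boundaries = {m.group(1) or m.group(2) for m in _BOUNDARY_RE.finditer(unfolded)}
    if not boundaries:
        return 1  # not multipart: the message is a single part
    parts = 0
    for line in raw.splitlines():
        # "--boundary" opens a part; the closing "--boundary--" is not counted.
        if line.startswith(b"--") and line[2:].rstrip() in boundaries:
            parts += 1
    return parts


def within_limit(raw: bytes, limit: int = MAX_PARTS) -> bool:
    """True if the message may be passed on for delivery under the assumed policy."""
    return count_mime_parts(raw) <= limit


def build_sample(n: int) -> bytes:
    """Constructed sample: a multipart/mixed message with n small text parts."""
    head = (b"From: a@example.test\r\nTo: b@example.test\r\nSubject: sample\r\n"
            b"MIME-Version: 1.0\r\n"
            b'Content-Type: multipart/mixed;\r\n boundary="sample-bnd"\r\n\r\n')
    part = b"--sample-bnd\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    return head + part * n + b"--sample-bnd--\r\n"


if __name__ == "__main__":
    for n in (3, 12):
        msg = build_sample(n)
        print(n, count_mime_parts(msg), within_limit(msg, limit=10))
```

The scan errs on the side of over-counting, because a `boundary=` string that appears in body text is also treated as a boundary.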
Fix
RCE
Affected Products
Alt Linux
Almalinux
Centos
Dovecot
Linuxmint
Red Hat
Suse
Ubuntu