PT-2021-3384 · Dovecot+3

Innokentii Sennovskii +1 · Published 2021-06-21 · Updated 2025-01-30 · CVE-2020-28200

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Dovecot versions prior to 2.3.15

Description

The issue is related to errors in resource management in the Dovecot mail server, which can be exploited by a remote attacker to cause a denial of service. The Sieve engine in Dovecot is affected, particularly when handling complex regular expressions for the regex extension, leading to uncontrolled resource consumption.

Recommendations

For versions prior to 2.3.15, update to version 2.3.15 or later to resolve the issue. As a temporary workaround, consider restricting the use of complex regular expressions in the Sieve engine to minimize the risk of exploitation.

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALT-PU-2021-2500
ALT-PU-2021-2537
ALT-PU-2021-2548
ALT-PU-2021-2579
AZL-7194
BDU:2021-03235
CVE-2020-28200
MGASA-2021-0557
OESA-2021-1270
OPENSUSE-SU-2021:1225-1
OPENSUSE-SU-2021:2892-1
OPENSUSE-SU-2021_1225-1
OPENSUSE-SU-2021_2892-1
OPENSUSE-SU-2024:10726-1
OPENSUSE-SU-2025:14715-1
SUSE-SU-2021:2890-1
SUSE-SU-2021:2891-1
SUSE-SU-2021:2892-1
SUSE-SU-2021_2890-1
SUSE-SU-2021_2891-1
SUSE-SU-2021_2892-1

Affected Products

Alt Linux
Debian
Dovecot
Suse