Vulnerabilities > Dovecot
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-04 | CVE-2020-25275 | Improper Input Validation vulnerability in multiple products Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. | 5.0 |
| 2021-01-04 | CVE-2020-24386 | An issue was discovered in Dovecot before 2.3.13. | 4.9 |
| 2020-08-12 | CVE-2020-12674 | Out-Of-Bounds Read vulnerability in multiple products In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. | 5.0 |
| 2020-08-12 | CVE-2020-12673 | Out-Of-Bounds Read vulnerability in multiple products In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. | 5.0 |
| 2020-08-12 | CVE-2020-12100 | Uncontrolled Recursion vulnerability in multiple products In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. | 5.0 |
| 2020-05-18 | CVE-2020-10967 | Improper Input Validation vulnerability in Dovecot In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. | 5.0 |
| 2020-05-18 | CVE-2020-10958 | USE After Free vulnerability in Dovecot In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. | 5.0 |
| 2020-05-18 | CVE-2020-10957 | Null Pointer Dereference vulnerability in Dovecot In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. | 5.0 |
| 2020-02-12 | CVE-2020-7957 | Improper Input Validation vulnerability in Dovecot 2.3.9/2.3.9.1/2.3.9.2 The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. | 5.0 |
| 2020-02-12 | CVE-2020-7046 | Infinite Loop vulnerability in Dovecot 2.3.9/2.3.9.1/2.3.9.2 lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop. | 7.8 |