CVE-2006-5973 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Dovecot

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

2.7%

top 14.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dovecot Debian Dovecot Timo Sirainen Dovecot

Timeline

PublishedNov 20

Latest updateMay 1

Description

Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/dovecot< dovecot 1.0.rc15-1 (bookworm)

▶Debiandovecot/dovecot< 1.0.rc15-1+3

▶NVDtimo_sirainen/dovecot57 versions+56

Patches

Patch: dovecot.org ↗Patch: dovecot.org ↗

🔴Vulnerability Details

GHSA

GHSA-2xmp-j7gv-wmqh: Off-by-one buffer overflow in Dovecot 1↗2022-05-01

▶

OSV

CVE-2006-5973: Off-by-one buffer overflow in Dovecot 1↗2006-11-20

▶

📋Vendor Advisories

Ubuntu

Dovecot vulnerability↗2006-11-28

▶

Debian

CVE-2006-5973: dovecot - Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly o...↗2006

▶