CVE-2008-4907
published 2008-11-04

Priority: P419, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 6.20% (92.6th percentile)
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."

Affected

7 ranges
Vendor | Product | Version range | Fixed in
debian | dovecot | < dovecot 1:1.1.7-1 (bookworm) | dovecot 1:1.1.7-1 (bookworm)
dovecot | dovecot | |
dovecot | dovecot | |
dovecot | dovecot | >= 0 < 1:1.1.7-1 | 1:1.1.7-1
dovecot | dovecot | >= 0 < 1:1.1.7-1 | 1:1.1.7-1
dovecot | dovecot | >= 0 < 1:1.1.7-1 | 1:1.1.7-1
dovecot | dovecot | >= 0 < 1:1.1.7-1 | 1:1.1.7-1

CVSS provenance

nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:N/A:P
osv: 4.3 MEDIUM
vendor_debian: 4.3 LOW
vendor_redhat: 4.3 MEDIUM