CVE-2019-7524 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Dovecot

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120 — Classic Buffer Overflow8 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 74.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dovecot Debian Dovecot Canonical Ubuntu Linux +2 more

Timeline

PublishedMar 28

Latest updateMay 14

Description

In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/dovecot< dovecot 1:2.3.4.1-3 (bookworm)

▶NVDdovecot/dovecot2.3.0 — 2.3.5.1+1

▶Debiandovecot/dovecot< 1:2.3.4.1-3+3

▶NVDopensuse/leap15.0, 42.3+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

GHSA

GHSA-64hp-rrrv-2xwx: In Dovecot before 2↗2022-05-14

▶

OSV

CVE-2019-7524: In Dovecot before 2↗2019-03-28

▶

📋Vendor Advisories

Ubuntu

Dovecot vulnerability↗2019-04-01

▶

Red Hat

dovecot: Buffer overflow in indexer-worker process results in privilege escalation↗2019-03-28

▶

Debian

CVE-2019-7524: dovecot - In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause ...↗2019

▶

💬Community

Bugzilla

CVE-2019-7524 dovecot: Buffer overflow in indexer-worker process results in privilege escalation↗2019-04-04

▶

Bugzilla

CVE-2019-7524 dovecot: buffer overflow in indexer-worker process results in privilege escalation [fedora-all]↗2019-04-04

▶