CVE-2020-10957 — NULL Pointer Dereference in Dovecot

CWE-476 — NULL Pointer Dereference CWE-400 — Uncontrolled Resource Consumption9 documents7 sources

Severity

7.5HIGHNVD

EPSS

8.1%

top 7.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dovecot Debian Dovecot

Timeline

PublishedMay 18

Latest updateMay 24

Description

In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/dovecot< dovecot 1:2.3.10.1+dfsg1-1 (bookworm)

▶NVDdovecot/dovecot< 2.3.10.1

▶Debiandovecot/dovecot< 1:2.3.10.1+dfsg1-1+3

▶Ubuntudovecot/dovecot< 1:2.3.7.2-1ubuntu3.1

🔴Vulnerability Details

GHSA

GHSA-q55g-848v-f654: In Dovecot before 2↗2022-05-24

▶

OSV

dovecot vulnerabilities↗2020-05-18

▶

OSV

CVE-2020-10957: In Dovecot before 2↗2020-05-18

▶

📋Vendor Advisories

Ubuntu

Dovecot vulnerabilities↗2020-05-18

▶

Red Hat

dovecot: malformed NOOP commands leads to DoS↗2020-05-18

▶

Debian

CVE-2020-10957: dovecot - In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a...↗2020

▶

💬Community

Bugzilla

CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS [fedora-all]↗2020-05-18

▶

Bugzilla

CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS↗2020-05-11

▶