Main Vulnerability Database SB2020021232

SB2020021232 - Input validation error in dovecot (Alpine package)

Published: February 12, 2020

Security Bulletin ID SB2020021232

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2020-7957)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the IMAP and LMTP components when many characters must be read while computing the snippet and a trailing ">" character is present. As a result the recipient cannot read all messages in the mailbox.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=4188e3f4c8c70ca30f481278b85d52799ade266a
https://git.alpinelinux.org/aports/commit/?id=63c2cc277e73718a89df156cafffdaaf5bbad6cc
https://git.alpinelinux.org/aports/commit/?id=e9ada9531d3f3e60456ec07437a2f39f9a196861
https://git.alpinelinux.org/aports/commit/?id=e4e11f810f4cc92a5571af410212a5017a22c38f
https://git.alpinelinux.org/aports/commit/?id=e9e7886ac4e95e89ba3699315dffc40c61159838