CVE-2020-25275 Information

Jun 07, 2022 cve

Description

Dovecot before 2.3.13 has Improper Input Validation in lda lmtp and imap leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://dovecot.org/security https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html http://www.openwall.com/lists/oss-security/2021/01/04/3 https://www.debian.org/security/2021/dsa-4825 http://seclists.org/fulldisclosure/2021/Jan/18 http://packetstormsecurity.com/files/160841/Dovecot-2.3.11.3-Denial-Of-Service.html https://security.gentoo.org/glsa/202101-01 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXDKFLOCUP7I4ELGQ2F4P5TGC6NXMYV7/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5

Share on: