Vulnerability Details CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.8%
CVSS Severity
CVSS v3 Score 3.1
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2020/02/12/2
- https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html
- https://dovecot.org/security
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XYT55WH372BJOXCJRKBDIFGBMPVOIDT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJXHOUT3FH2DJNMACSX4GHPP4MUV4UKA/
- http://www.openwall.com/lists/oss-security/2020/02/12/2
- https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html
- https://dovecot.org/security
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XYT55WH372BJOXCJRKBDIFGBMPVOIDT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJXHOUT3FH2DJNMACSX4GHPP4MUV4UKA/
Products affected by CVE-2020-7957
-
cpe:2.3:a:dovecot:dovecot:2.3.9
-
cpe:2.3:a:dovecot:dovecot:2.3.9.1
-
cpe:2.3:a:dovecot:dovecot:2.3.9.2
-
cpe:2.3:o:fedoraproject:fedora:30
-
cpe:2.3:o:fedoraproject:fedora:31