Dovecot: >> Dovecot >> 2.3.0 Security Vulnerabilities
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
CVSS Score
7.7
EPSS Score
0.025
Published
2019-03-27
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.
CVSS Score
7.5
EPSS Score
0.032
Published
2018-01-25
Page 4