CVE-2019-7524
Description
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.026
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| IMAP and POP3 email server (USN-3928-1) dovecot-core_2.2.9-1ubuntu2.6_i386.deb | Linux |
| IMAP and POP3 email server (USN-3928-1) dovecot-core_2.2.9-1ubuntu2.6_amd64.deb | Linux |
| IMAP and POP3 email server (USN-3928-1) dovecot-core_2.3.2.1-1ubuntu3.2_i386.deb | Linux |
| IMAP and POP3 email server (USN-3928-1) dovecot-core_2.3.2.1-1ubuntu3.2_amd64.deb | Linux |
| IMAP and POP3 email server (USN-3928-1) dovecot-core_2.2.33.2-1ubuntu4.3_i386.deb | Linux |
| IMAP and POP3 email server (USN-3928-1) dovecot-core_2.2.33.2-1ubuntu4.3_amd64.deb | Linux |
| SUSE-SU-2019:0900-1(SUSE Linux Enterprise Server 12-SP4 ) dovecot22-2.2.31-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2019:0900-1(SUSE Linux Enterprise Server 12-SP4 ) dovecot22-backend-mysql-2.2.31-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2019:0900-1(SUSE Linux Enterprise Server 12-SP4 ) dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2019:0900-1(SUSE Linux Enterprise Server 12-SP4 ) dovecot22-backend-pgsql-2.2.31-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2019:0900-1(SUSE Linux Enterprise Server 12-SP4 ) dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2019:0900-1(SUSE Linux Enterprise Server 12-SP4 ) dovecot22-backend-sqlite-2.2.31-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2019:0900-1(SUSE Linux Enterprise Server 12-SP3 ) dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2019:0900-1(SUSE Linux Enterprise Server 12-SP3 ) dovecot22-debuginfo-2.2.31-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2019:0900-1(SUSE Linux Enterprise Server 12-SP3 ) dovecot22-debugsource-2.2.31-19.14.2.x86_64.rpm | Linux |
| (RHSA-2020:1062) dovecot security and bug fix update dovecot-2.2.36-6.el7.i686.rpm | Linux |
| (RHSA-2020:1062) dovecot security and bug fix update dovecot-2.2.36-6.el7.x86_64.rpm | Linux |
| (RHSA-2020:1062) dovecot security and bug fix update dovecot-devel-2.2.36-6.el7.x86_64.rpm | Linux |
| (RHSA-2020:1062) dovecot security and bug fix update dovecot-mysql-2.2.36-6.el7.x86_64.rpm | Linux |
| (RHSA-2020:1062) dovecot security and bug fix update dovecot-pgsql-2.2.36-6.el7.x86_64.rpm | Linux |
| (RHSA-2020:1062) dovecot security and bug fix update dovecot-pigeonhole-2.2.36-6.el7.x86_64.rpm | Linux |
| (CESA-2020:1062) dovecot security and bug fix update dovecot-2.2.36-6.el7.x86_64.rpm | Linux |
| (CESA-2020:1062) dovecot security and bug fix update dovecot-devel-2.2.36-6.el7.x86_64.rpm | Linux |
| (CESA-2020:1062) dovecot security and bug fix update dovecot-mysql-2.2.36-6.el7.x86_64.rpm | Linux |
| (CESA-2020:1062) dovecot security and bug fix update dovecot-pgsql-2.2.36-6.el7.x86_64.rpm | Linux |
| (CESA-2020:1062) dovecot security and bug fix update dovecot-pigeonhole-2.2.36-6.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234