CVE-2020-10967
Description
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
2.643
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| IMAP and POP3 email server (USN-4361-1) dovecot-core_2.3.4.1-5ubuntu3.1_i386.deb | Linux |
| IMAP and POP3 email server (USN-4361-1) dovecot-core_2.3.4.1-5ubuntu3.1_amd64.deb | Linux |
| IMAP and POP3 email server (USN-4361-1) dovecot-core_2.3.7.2-1ubuntu3.1_amd64.deb | Linux |
| (RHSA-2020:4763) dovecot security update dovecot-2.3.8-4.el8.x86_64.rpm | Linux |
| (RHSA-2020:4763) dovecot security update dovecot-debugsource-2.3.8-4.el8.x86_64.rpm | Linux |
| (RHSA-2020:4763) dovecot security update dovecot-mysql-2.3.8-4.el8.x86_64.rpm | Linux |
| (RHSA-2020:4763) dovecot security update dovecot-pgsql-2.3.8-4.el8.x86_64.rpm | Linux |
| (RHSA-2020:4763) dovecot security update dovecot-pigeonhole-2.3.8-4.el8.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234