Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-12100

Опубликовано: 12 авг. 2020
Источник: debian
EPSS Низкий

Описание

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
dovecotfixed1:2.3.11.3+dfsg1-1package

Примечания

  • https://www.openwall.com/lists/oss-security/2020/08/12/1

  • https://github.com/dovecot/core/commit/d4bb43a08ab9ecfab7249a17279e5f773c8abaad

  • https://github.com/dovecot/core/commit/6d77e00e4d170efde908591dc5871a8e48ea844b

  • https://github.com/dovecot/core/commit/926742088a3c66c11099386b2c6e80999c29f405

  • https://github.com/dovecot/core/commit/e5830ae88531a32db36c97ebf122cba9a39cf801

  • https://github.com/dovecot/core/commit/cb00e21fd70aae49453aedc1bb33c0765ab98667

  • https://github.com/dovecot/core/commit/5ecadd30746d91854b5aa484feff9c70ea91c20b

  • https://github.com/dovecot/core/commit/24f0bfefdbccaaaaab9f52be428648ec3f1c34d3

  • https://github.com/dovecot/core/commit/02c7c6dbb51748a5af8b0c70a499a3ab17de8490

  • https://github.com/dovecot/core/commit/729941c996ee0b0ede40f462c9e34ceb6a6bd049

  • https://github.com/dovecot/core/commit/8dbc754a31fbf7684e858aa1fb633b8dfbeb13cf

  • https://github.com/dovecot/core/commit/a175d654c3bc4d57641b871bbff99c10799b7d67

  • https://github.com/dovecot/core/commit/a676cb539fc1545c58d1341baa2f875f7b694133

  • https://github.com/dovecot/core/commit/0f46088a1af7b493db76a1d97ef4ecc6bb41f5a4

  • https://github.com/dovecot/core/commit/7868f5f49be91fe51795b477a5440e69c1540716

  • https://github.com/dovecot/core/commit/be53a118e789886efcdd57c513651c5148651161

  • https://github.com/dovecot/core/commit/19193f40b1d74e8d4ef88121992b4a61d84773e3

EPSS

Процентиль: 91%
0.06795
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-12100

CVSS3: 7.5
ubuntu
около 5 лет назад

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

redhat логотип

CVE-2020-12100

CVSS3: 7.5
redhat
около 5 лет назад

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

nvd логотип

CVE-2020-12100

CVSS3: 7.5
nvd
около 5 лет назад

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

github логотип

GHSA-pq8h-22gg-vpmw

CVSS3: 7.5
github
около 3 лет назад

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

fstec логотип

BDU:2020-05783

CVSS3: 7.5
fstec
около 5 лет назад

Уязвимость почтового сервера Dovecot, вызванная неконтролируемой рекурсией, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 91%
0.06795
Низкий