Описание
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.5.2 (исключая)
cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00809
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 7 лет назад
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
CVSS3: 7.5
redhat
почти 7 лет назад
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
CVSS3: 7.5
debian
почти 7 лет назад
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeate ...
EPSS
Процентиль: 74%
0.00809
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo