Description
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
Report
A flaw was found in the JSON encoder in Dovecot. An attacker could use it to crash the application by supplying invalid UTF-8 characters in the login name during authentication, or by using an invalid UTF-8 sequence in an email when the OX push notification driver is enabled. The versions of dovecot shipped with Red Hat Enterprise Linux did not ship the vulnerable code and therefore were not affected by this flaw.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | dovecot | Not affected | | |
| Red Hat Enterprise Linux 6 | dovecot | Not affected | | |
| Red Hat Enterprise Linux 7 | dovecot | Not affected | | |
| Red Hat Enterprise Linux 8 | dovecot | Not affected | | |
Additional information
Status:
7.5 High
CVSS3