Описание
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
Меры по смягчению последствий
A potential mitigation is configuring the mail transfer agent to not accept messages with more than 10,000 MIME parts.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | dovecot | Out of support scope | ||
| Red Hat Enterprise Linux 6 | dovecot | Out of support scope | ||
| Red Hat Enterprise Linux 7 | dovecot | Out of support scope | ||
| Red Hat Enterprise Linux 9 | dovecot | Affected | ||
| Red Hat Enterprise Linux 8 | dovecot | Fixed | RHSA-2021:1887 | 18.05.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and ...
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
Уязвимость компонентов lda, lmtp и imap почтового сервера Dovecot, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3