Описание
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 1:2.2.33.2-1ubuntu4.5 |
| devel | not-affected | 1:2.3.7.2-1ubuntu1 |
| disco | not-affected | 1:2.3.4.1-1ubuntu2.4 |
| eoan | not-affected | 1:2.3.4.1-5ubuntu3 |
| esm-infra-legacy/trusty | not-affected | 1:2.2.9-1ubuntu2.6 |
| esm-infra/bionic | not-affected | 1:2.2.33.2-1ubuntu4.5 |
| esm-infra/xenial | not-affected | 1:2.2.22-1ubuntu2.12 |
| precise/esm | not-affected | 1:2.0.19-0ubuntu2.2 |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected | 1:2.2.9-1ubuntu2.6 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
In Dovecot before 2.3.9.2, an attacker can crash a push-notification d ...
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3