Описание
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:2.2.33.2-1ubuntu4.3 |
| cosmic | released | 1:2.3.2.1-1ubuntu3.2 |
| devel | released | 1:2.3.4.1-1ubuntu2 |
| esm-infra-legacy/trusty | not-affected | 1:2.2.9-1ubuntu2.6 |
| esm-infra/bionic | not-affected | 1:2.2.33.2-1ubuntu4.3 |
| esm-infra/xenial | not-affected | 1:2.2.22-1ubuntu2.10 |
| precise/esm | not-affected | code not present |
| trusty | released | 1:2.2.9-1ubuntu2.6 |
| trusty/esm | not-affected | 1:2.2.9-1ubuntu2.6 |
| upstream | released | 2.3.5.1, 2.2.36.3 |
Показывать по
EPSS
7.2 High
CVSS2
8.8 High
CVSS3
Связанные уязвимости
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker ...
EPSS
7.2 High
CVSS2
8.8 High
CVSS3