CVE-2020-12100

CVE-2020-12100

Name

CVE-2020-12100

Description

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	http://www.openwall.com/lists/oss-security/2020/08/12/1
Vendor Advisory	https://dovecot.org/security
Third Party Advisory	https://www.debian.org/security/2020/dsa-4745
Third Party Advisory	https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html
UBUNTU	https://usn.ubuntu.com/4456-1/
UBUNTU	https://usn.ubuntu.com/4456-2/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/
GENTOO	https://security.gentoo.org/glsa/202009-02
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/
MLIST	http://www.openwall.com/lists/oss-security/2021/01/04/3
FULLDISC	http://seclists.org/fulldisclosure/2021/Jan/18

Type

URI

Exploit

http://www.openwall.com/lists/oss-security/2020/08/12/1

Vendor Advisory

https://dovecot.org/security

Third Party Advisory

https://www.debian.org/security/2020/dsa-4745

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html

UBUNTU

https://usn.ubuntu.com/4456-1/