CVE-2020-25275

CVE-2020-25275

Name

CVE-2020-25275

Description

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://dovecot.org/security
Mailing List	https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html
Mailing List	http://www.openwall.com/lists/oss-security/2021/01/04/3
Third Party Advisory	https://www.debian.org/security/2021/dsa-4825
Third Party Advisory	http://seclists.org/fulldisclosure/2021/Jan/18
Third Party Advisory	http://packetstormsecurity.com/files/160841/Dovecot-2.3.11.3-Denial-Of-Service.html
GENTOO	https://security.gentoo.org/glsa/202101-01
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXDKFLOCUP7I4ELGQ2F4P5TGC6NXMYV7/

Type

URI

Vendor Advisory

https://dovecot.org/security

Mailing List

https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html

Mailing List

http://www.openwall.com/lists/oss-security/2021/01/04/3

Third Party Advisory

https://www.debian.org/security/2021/dsa-4825

Third Party Advisory

http://seclists.org/fulldisclosure/2021/Jan/18