CVE-2020-7957

Name
CVE-2020-7957
Description
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://dovecot.org/security
Mailing List http://www.openwall.com/lists/oss-security/2020/02/12/2
Mailing List https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XYT55WH372BJOXCJRKBDIFGBMPVOIDT/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJXHOUT3FH2DJNMACSX4GHPP4MUV4UKA/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:* dovecot >= 2.3.9 < 2.3.9.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status