CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

References

Affected packages

Git / github.com/dovecot/core

Affected ranges

Type

GIT

Repo

https://github.com/dovecot/core

Events

Introduced

Fixed

baf9232c12705b02bcfc12493f61e0f2d23612a0

Introduced

c8b89eb9968980589904a58e8bd72fc8c00039be

Fixed

3c910f64bf3bd57cdf2703cf4c36c7613f1107f0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.2.36.4"
        },
        {
            "introduced": "2.3.0"
        },
        {
            "fixed": "2.3.7.2"
        }
    ]
}

Type

GIT

Repo

https://github.com/dovecot/pigeonhole

Events

Introduced

Fixed

7372921a72f6a01ac0708aa58827b3f935d45d39

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.5.7.2"
        }
    ]
}

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.1.3

0.1.4

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.3.6

0.4.0

0.4.1

0.4.10

0.4.10.rc1

0.4.10.rc2

0.4.11

0.4.11.rc1

0.4.2

0.4.3

0.4.4

0.4.5

0.4.6

0.4.7

0.4.7.rc1

0.4.7.rc2

0.4.7.rc3

0.4.8

0.4.8.rc1

0.4.8.rc2

0.4.8.rc3

0.4.9

0.4.9.rc1

0.5.7

0.5.7.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11500.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "30"
            }
        ]
    }
]