CVE-2020-10958
- Source
- https://cve.org/CVERecord?id=CVE-2020-10958
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10958.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-10958
- Downstream
- Related
- Published
- 2020-05-18T14:15:11.827Z
- Modified
- 2026-04-02T02:09:11.030478Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
- References
-
- http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWHUUAFPC6XGIXYFIPTNBXLHPNM4W6/
- https://usn.ubuntu.com/4361-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00059.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6/
- https://www.debian.org/security/2020/dsa-4690
- https://www.openwall.com/lists/oss-security/2020/05/18/1
- http://www.openwall.com/lists/oss-security/2020/05/18/1
- https://dovecot.org/security
- http://seclists.org/fulldisclosure/2020/May/37
Affected packages
Git / github.com/dovecot/core
Affected versions
1.*
1.1.alpha1
1.1.alpha2
1.1.alpha4
1.1.alpha5
1.1.alpha6
1.1.beta1
1.1.beta10
1.1.beta11
1.1.beta12
1.1.beta13
1.1.beta14
1.1.beta16
1.1.beta2
1.1.beta3
1.1.beta4
1.1.beta5
1.1.beta6
1.1.beta8
1.1.beta9
1.1.rc1
1.1.rc2
1.1.rc3
1.1.rc4
1.1.rc5
1.1.rc6
1.1.rc7
1.1.rc8
1.2.alpha1
1.2.alpha2
1.2.alpha3
1.2.alpha4
1.2.alpha5
1.2.beta1
1.2.beta2
1.2.beta3
1.2.beta4
1.2.rc1
2.*
2.0.0
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.alpha1
2.0.alpha2
2.0.alpha3
2.0.beta1
2.0.beta2
2.0.beta3
2.0.beta4
2.0.beta5
2.0.beta6
2.0.rc1
2.0.rc2
2.0.rc3
2.0.rc4
2.0.rc5
2.0.rc6
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.alpha1
2.1.alpha2
2.1.beta1
2.1.rc1
2.1.rc2
2.1.rc3
2.1.rc4
2.1.rc5
2.1.rc6
2.1.rc7
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.13.rc1
2.2.14
2.2.14.rc1
2.2.15
2.2.16
2.2.16.rc1
2.2.17
2.2.17.rc1
2.2.17.rc2
2.2.18
2.2.19
2.2.19.rc1
2.2.19.rc2
2.2.2
2.2.20
2.2.20.rc1
2.2.21
2.2.21.1
2.2.21.2
2.2.21.2.2
2.2.22
2.2.22.rc1
2.2.23
2.2.23.1
2.2.24
2.2.24.1
2.2.24.2
2.2.25
2.2.25.1
2.2.25.2
2.2.25.3
2.2.25.4
2.2.25.4.2
2.2.25.rc1
2.2.26
2.2.26.0
2.2.27
2.2.28
2.2.28.rc1
2.2.28.rc2
2.2.29
2.2.29.1
2.2.29.rc1
2.2.3
2.2.30
2.2.30.1
2.2.30.2
2.2.30.rc1
2.2.31
2.2.31.rc1
2.2.32
2.2.32.rc1
2.2.32.rc2
2.2.33
2.2.33.1
2.2.33.2
2.2.33.rc1
2.2.34
2.2.35
2.2.36
2.2.36.1
2.2.36.3
2.2.36.4
2.2.36.rc1
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.alpha1
2.2.beta1
2.2.beta2
2.2.rc1
2.2.rc2
2.2.rc3
2.2.rc4
2.2.rc5
2.2.rc6
2.2.rc7
2.3.0
2.3.0.1
2.3.0.rc1
2.3.1
2.3.10
2.3.11.2
2.3.11.3
2.3.13
2.3.14
2.3.14.1
2.3.14.rc1
2.3.15
2.3.16
2.3.17
2.3.17.1
2.3.18
2.3.19
2.3.19.1
2.3.2
2.3.2.1
2.3.2.rc1
2.3.20
2.3.21
2.3.21.1
2.3.3
2.3.3.rc1
2.3.4
2.3.4.1
2.3.5
2.3.5.1
2.3.5.2
2.3.6
2.3.7
2.3.7.1
2.3.7.2
2.3.8
2.3.9
2.3.9.1
2.3.9.2
2.3.9.3
2.4.0
2.4.1
2.4.2
2.4.3
Other
show