CVE-2020-10967

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-10967

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10967.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-10967

Downstream

ALPINE-CVE-2020-10967

DEBIAN-CVE-2020-10967

DSA-4690-1

RHSA-2020:4763

SUSE-SU-2020:1379-1

SUSE-SU-2020:1380-1

UBUNTU-CVE-2020-10967

USN-4361-1

openSUSE-SU-2020:0720-1

openSUSE-SU-2024:10726-1

openSUSE-SU-2025:14715-1

Related

Published

2020-05-18T15:15:10.817Z

Modified

2026-04-02T02:09:01.567923Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.

References

Affected packages

Git / github.com/dovecot/core

Affected ranges

Type

GIT

Repo

https://github.com/dovecot/core

Events

Introduced

Fixed

4b1c00a7f20beb86b06a904ac330a75f6a2dc17c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.10.1"
        }
    ]
}

Affected versions

1.*

1.1.alpha1

1.1.alpha2

1.1.alpha4

1.1.alpha5

1.1.alpha6

1.1.beta1

1.1.beta10

1.1.beta11

1.1.beta12

1.1.beta13

1.1.beta14

1.1.beta16

1.1.beta2

1.1.beta3

1.1.beta4

1.1.beta5

1.1.beta6

1.1.beta8

1.1.beta9

1.1.rc1

1.1.rc2

1.1.rc3

1.1.rc4

1.1.rc5

1.1.rc6

1.1.rc7

1.1.rc8

1.2.alpha1

1.2.alpha2

1.2.alpha3

1.2.alpha4

1.2.alpha5

1.2.beta1

1.2.beta2

1.2.beta3

1.2.beta4

1.2.rc1

2.*

2.0.0

2.0.1

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.alpha1

2.0.alpha2

2.0.alpha3

2.0.beta1

2.0.beta2

2.0.beta3

2.0.beta4

2.0.beta5

2.0.beta6

2.0.rc1

2.0.rc2

2.0.rc3

2.0.rc4

2.0.rc5

2.0.rc6

2.1.0

2.1.1

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.alpha1

2.1.alpha2

2.1.beta1

2.1.rc1

2.1.rc2

2.1.rc3

2.1.rc4

2.1.rc5

2.1.rc6

2.1.rc7

2.2.0

2.2.1

2.2.10

2.2.11

2.2.12

2.2.13

2.2.13.rc1

2.2.14

2.2.14.rc1

2.2.15

2.2.16

2.2.16.rc1

2.2.17

2.2.17.rc1

2.2.17.rc2

2.2.18

2.2.19

2.2.19.rc1

2.2.19.rc2

2.2.2

2.2.20

2.2.20.rc1

2.2.21

2.2.21.1

2.2.21.2

2.2.21.2.2

2.2.22

2.2.22.rc1

2.2.23

2.2.23.1

2.2.24

2.2.24.1

2.2.24.2

2.2.25

2.2.25.1

2.2.25.2

2.2.25.3

2.2.25.4

2.2.25.4.2

2.2.25.rc1

2.2.26

2.2.26.0

2.2.27

2.2.28

2.2.28.rc1

2.2.28.rc2

2.2.29

2.2.29.1

2.2.29.rc1

2.2.3

2.2.30

2.2.30.1

2.2.30.2

2.2.30.rc1

2.2.31

2.2.31.rc1

2.2.32

2.2.32.rc1

2.2.32.rc2

2.2.33

2.2.33.1

2.2.33.2

2.2.33.rc1

2.2.34

2.2.35

2.2.36

2.2.36.1

2.2.36.3

2.2.36.4

2.2.36.rc1

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.alpha1

2.2.beta1

2.2.beta2

2.2.rc1

2.2.rc2

2.2.rc3

2.2.rc4

2.2.rc5

2.2.rc6

2.2.rc7

2.3.0

2.3.0.1

2.3.0.rc1

2.3.1

2.3.10

2.3.11.2

2.3.11.3

2.3.13

2.3.14

2.3.14.1

2.3.14.rc1

2.3.15

2.3.16

2.3.17

2.3.17.1

2.3.18

2.3.19

2.3.19.1

2.3.2

2.3.2.1

2.3.2.rc1

2.3.20

2.3.21

2.3.21.1

2.3.3

2.3.3.rc1

2.3.4

2.3.4.1

2.3.5

2.3.5.1

2.3.5.2

2.3.6

2.3.7

2.3.7.1

2.3.7.2

2.3.8

2.3.9

2.3.9.1

2.3.9.2

2.3.9.3

2.4.0

2.4.1

2.4.2

2.4.3

Other

show

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10967.json"