CVE-2020-12100

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-12100
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12100.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-12100
Downstream
Related
Published
2020-08-12T16:15:11.760Z
Modified
2026-04-02T02:10:21.358803Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

References

Affected packages

Git / github.com/dovecot/core

Affected ranges

Type
GIT
Repo
https://github.com/dovecot/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
502c39af9375c2739ce01f93afd0d01c836613fd
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.11.3"
        }
    ]
}

Affected versions

1.*
1.1.alpha1
1.1.alpha2
1.1.alpha4
1.1.alpha5
1.1.alpha6
1.1.beta1
1.1.beta10
1.1.beta11
1.1.beta12
1.1.beta13
1.1.beta14
1.1.beta16
1.1.beta2
1.1.beta3
1.1.beta4
1.1.beta5
1.1.beta6
1.1.beta8
1.1.beta9
1.1.rc1
1.1.rc2
1.1.rc3
1.1.rc4
1.1.rc5
1.1.rc6
1.1.rc7
1.1.rc8
1.2.alpha1
1.2.alpha2
1.2.alpha3
1.2.alpha4
1.2.alpha5
1.2.beta1
1.2.beta2
1.2.beta3
1.2.beta4
1.2.rc1
2.*
2.0.0
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.alpha1
2.0.alpha2
2.0.alpha3
2.0.beta1
2.0.beta2
2.0.beta3
2.0.beta4
2.0.beta5
2.0.beta6
2.0.rc1
2.0.rc2
2.0.rc3
2.0.rc4
2.0.rc5
2.0.rc6
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.alpha1
2.1.alpha2
2.1.beta1
2.1.rc1
2.1.rc2
2.1.rc3
2.1.rc4
2.1.rc5
2.1.rc6
2.1.rc7
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.13.rc1
2.2.14
2.2.14.rc1
2.2.15
2.2.16
2.2.16.rc1
2.2.17
2.2.17.rc1
2.2.17.rc2
2.2.18
2.2.19
2.2.19.rc1
2.2.19.rc2
2.2.2
2.2.20
2.2.20.rc1
2.2.21
2.2.21.1
2.2.21.2
2.2.21.2.2
2.2.22
2.2.22.rc1
2.2.23
2.2.23.1
2.2.24
2.2.24.1
2.2.24.2
2.2.25
2.2.25.1
2.2.25.2
2.2.25.3
2.2.25.4
2.2.25.4.2
2.2.25.rc1
2.2.26
2.2.26.0
2.2.27
2.2.28
2.2.28.rc1
2.2.28.rc2
2.2.29
2.2.29.1
2.2.29.rc1
2.2.3
2.2.30
2.2.30.1
2.2.30.2
2.2.30.rc1
2.2.31
2.2.31.rc1
2.2.32
2.2.32.rc1
2.2.32.rc2
2.2.33
2.2.33.1
2.2.33.2
2.2.33.rc1
2.2.34
2.2.35
2.2.36
2.2.36.1
2.2.36.3
2.2.36.4
2.2.36.rc1
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.alpha1
2.2.beta1
2.2.beta2
2.2.rc1
2.2.rc2
2.2.rc3
2.2.rc4
2.2.rc5
2.2.rc6
2.2.rc7
2.3.0
2.3.0.1
2.3.0.rc1
2.3.1
2.3.10
2.3.10.1
2.3.11.2
2.3.13
2.3.14
2.3.14.1
2.3.14.rc1
2.3.15
2.3.16
2.3.17
2.3.17.1
2.3.18
2.3.19
2.3.19.1
2.3.2
2.3.2.1
2.3.2.rc1
2.3.20
2.3.21
2.3.21.1
2.3.3
2.3.3.rc1
2.3.4
2.3.4.1
2.3.5
2.3.5.1
2.3.5.2
2.3.6
2.3.7
2.3.7.1
2.3.7.2
2.3.8
2.3.9
2.3.9.1
2.3.9.2
2.3.9.3
2.4.0
2.4.1
2.4.2
2.4.3
Other
show

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12100.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "20.04"
            }
        ]
    }
]