CVE-2020-25275

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-25275
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25275.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-25275
Downstream
Related
Published
2021-01-04T17:15:13.930Z
Modified
2026-04-02T05:09:32.817859Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

References

Affected packages

Git / github.com/dovecot/core

Affected ranges

Type
GIT
Repo
https://github.com/dovecot/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
89f716dc2ec7362864a368d32533184b55fb7831
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.13"
        }
    ]
}

Affected versions

1.*
1.1.alpha1
1.1.alpha2
1.1.alpha4
1.1.alpha5
1.1.alpha6
1.1.beta1
1.1.beta10
1.1.beta11
1.1.beta12
1.1.beta13
1.1.beta14
1.1.beta16
1.1.beta2
1.1.beta3
1.1.beta4
1.1.beta5
1.1.beta6
1.1.beta8
1.1.beta9
1.1.rc1
1.1.rc2
1.1.rc3
1.1.rc4
1.1.rc5
1.1.rc6
1.1.rc7
1.1.rc8
1.2.alpha1
1.2.alpha2
1.2.alpha3
1.2.alpha4
1.2.alpha5
1.2.beta1
1.2.beta2
1.2.beta3
1.2.beta4
1.2.rc1
2.*
2.0.0
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.alpha1
2.0.alpha2
2.0.alpha3
2.0.beta1
2.0.beta2
2.0.beta3
2.0.beta4
2.0.beta5
2.0.beta6
2.0.rc1
2.0.rc2
2.0.rc3
2.0.rc4
2.0.rc5
2.0.rc6
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.alpha1
2.1.alpha2
2.1.beta1
2.1.rc1
2.1.rc2
2.1.rc3
2.1.rc4
2.1.rc5
2.1.rc6
2.1.rc7
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.13.rc1
2.2.14
2.2.14.rc1
2.2.15
2.2.16
2.2.16.rc1
2.2.17
2.2.17.rc1
2.2.17.rc2
2.2.18
2.2.19
2.2.19.rc1
2.2.19.rc2
2.2.2
2.2.20
2.2.20.rc1
2.2.21
2.2.21.1
2.2.21.2
2.2.21.2.2
2.2.22
2.2.22.rc1
2.2.23
2.2.23.1
2.2.24
2.2.24.1
2.2.24.2
2.2.25
2.2.25.1
2.2.25.2
2.2.25.3
2.2.25.4
2.2.25.4.2
2.2.25.rc1
2.2.26
2.2.26.0
2.2.27
2.2.28
2.2.28.rc1
2.2.28.rc2
2.2.29
2.2.29.1
2.2.29.rc1
2.2.3
2.2.30
2.2.30.1
2.2.30.2
2.2.30.rc1
2.2.31
2.2.31.rc1
2.2.32
2.2.32.rc1
2.2.32.rc2
2.2.33
2.2.33.1
2.2.33.2
2.2.33.rc1
2.2.34
2.2.35
2.2.36
2.2.36.1
2.2.36.3
2.2.36.4
2.2.36.rc1
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.alpha1
2.2.beta1
2.2.beta2
2.2.rc1
2.2.rc2
2.2.rc3
2.2.rc4
2.2.rc5
2.2.rc6
2.2.rc7
2.3.0
2.3.0.1
2.3.0.rc1
2.3.1
2.3.10
2.3.10.1
2.3.11.2
2.3.11.3
2.3.14
2.3.14.1
2.3.14.rc1
2.3.15
2.3.16
2.3.17
2.3.17.1
2.3.18
2.3.19
2.3.19.1
2.3.2
2.3.2.1
2.3.2.rc1
2.3.20
2.3.21
2.3.21.1
2.3.3
2.3.3.rc1
2.3.4
2.3.4.1
2.3.5
2.3.5.1
2.3.5.2
2.3.6
2.3.7
2.3.7.1
2.3.7.2
2.3.8
2.3.9
2.3.9.1
2.3.9.2
2.3.9.3
2.4.0
2.4.1
2.4.2
2.4.3
Other
show

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25275.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    }
]
vanir_signatures 
[
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "296346974619418808234080801214954265765",
                "1471052776949459769501067374191512796",
                "217466864070258896560181252484983121032",
                "121720010689383301941536457495250671877"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/dovecot/core/commit/89f716dc2ec7362864a368d32533184b55fb7831",
        "id": "CVE-2020-25275-1be4ae17",
        "target": {
            "file": "src/stats/client-writer.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "137596555788539951219949077210898227457",
            "length": 682.0
        },
        "source": "https://github.com/dovecot/core/commit/89f716dc2ec7362864a368d32533184b55fb7831",
        "id": "CVE-2020-25275-21d7f377",
        "target": {
            "file": "src/stats/client-writer.c",
            "function": "writer_client_input_event_update"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "217181472971271504745876234057744284658",
            "length": 1234.0
        },
        "source": "https://github.com/dovecot/core/commit/89f716dc2ec7362864a368d32533184b55fb7831",
        "id": "CVE-2020-25275-27cee2ac",
        "target": {
            "file": "src/lib-master/test-event-stats.c",
            "function": "test_parent_update_post_send"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "278785260246161150248339674797392182783",
                "268337524322404052174412187219750515495",
                "260900042069470596651645167535238511843",
                "215404735682128032450205611949595575148",
                "95632903194647195604684242103969210521",
                "334544074264257495251296982352358868461",
                "272235226121168406138417059860516680638",
                "94614832344236721621719220881383999969",
                "133845085594569060567343773474855935093",
                "231976961659895332335730835650040202731",
                "215964019162609653939930531910218753698",
                "124899298734637869030094386711232058176",
                "208507113689900333926841062784169050884",
                "22817438786077034395447909030443083472",
                "61749333419936925221299181776486836621",
                "230485890595458566265336413736305546876",
                "148317764179313926954713425459965936713"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/dovecot/core/commit/89f716dc2ec7362864a368d32533184b55fb7831",
        "id": "CVE-2020-25275-7e4b6371",
        "target": {
            "file": "src/lib-master/stats-client.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "306008020808452989219003758236380952763",
                "191947087068649407406175300183404404279",
                "139115681704428535252617837725603962715",
                "238716939131666563430944324612399042328"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/dovecot/core/commit/89f716dc2ec7362864a368d32533184b55fb7831",
        "id": "CVE-2020-25275-b4c3550a",
        "target": {
            "file": "src/lib-master/test-event-stats.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "186318130816510715596850195645109332825",
            "length": 795.0
        },
        "source": "https://github.com/dovecot/core/commit/89f716dc2ec7362864a368d32533184b55fb7831",
        "id": "CVE-2020-25275-f32b5762",
        "target": {
            "file": "src/lib-master/stats-client.c",
            "function": "stats_event_write"
        }
    }
]