CVE-2020-28200
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-28200
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28200.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-28200
- Downstream
- Related
- Published
- 2021-06-28T13:15:12Z
- Modified
- 2025-07-29T09:23:40.004300Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
- References
-
- https://dovecot.org/security
- https://www.openwall.com/lists/oss-security/2021/06/28/3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JB2VTJ3G2ILYWH5Y2FTY2PUHT2MD6VMI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TK424DWFO2TKJYXZ2H3XL633TYJL4GQN/
- https://security-tracker.debian.org/tracker/CVE-2020-28200
Affected packages
Debian:11 / dovecot
Package
- Name
- dovecot
- Purl
- pkg:deb/debian/dovecot?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:2.*
1:2.3.13+dfsg1-2
1:2.3.13+dfsg1-2+deb11u1
1:2.3.13+dfsg1-2+deb11u2
1:2.3.16+dfsg1-1
1:2.3.16+dfsg1-2
1:2.3.16+dfsg1-3
1:2.3.17.1+dfsg1-1
1:2.3.18+dfsg1-1
1:2.3.19+dfsg1-1
1:2.3.19.1+dfsg1-1
1:2.3.19.1+dfsg1-2
1:2.3.19.1+dfsg1-2.1
1:2.3.20+dfsg1-1
1:2.3.21+dfsg1-1
1:2.3.21+dfsg1-2
1:2.3.21+dfsg1-3~bpo12+1
1:2.3.21+dfsg1-3
1:2.3.21.1+dfsg1-1~bpo12+1
1:2.3.21.1+dfsg1-1
1:2.4.0+dfsg1-1~exp1
1:2.4.0+dfsg1-1~exp2
1:2.4.0+dfsg1-1~exp3
1:2.4.0+dfsg1-1~exp4
1:2.4.0+dfsg1-1~exp5
1:2.4.0+dfsg1-1~exp6
1:2.4.1+dfsg1-1~exp1
1:2.4.1+dfsg1-1~exp2
1:2.4.1+dfsg1-1
1:2.4.1+dfsg1-2
1:2.4.1+dfsg1-3
1:2.4.1+dfsg1-4
1:2.4.1+dfsg1-5
1:2.4.1+dfsg1-6~exp1
1:2.4.1+dfsg1-6
Debian:12 / dovecot
Package
- Name
- dovecot
- Purl
- pkg:deb/debian/dovecot?arch=source
Debian:13 / dovecot
Package
- Name
- dovecot
- Purl
- pkg:deb/debian/dovecot?arch=source
Git / github.com/dovecot/core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dovecot/core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.1.alpha1
1.1.alpha2
1.1.alpha4
1.1.alpha5
1.1.alpha6
1.1.beta1
1.1.beta10
1.1.beta11
1.1.beta12
1.1.beta13
1.1.beta14
1.1.beta16
1.1.beta2
1.1.beta3
1.1.beta4
1.1.beta5
1.1.beta6
1.1.beta8
1.1.beta9
1.1.rc1
1.1.rc2
1.1.rc3
1.1.rc4
1.1.rc5
1.1.rc6
1.1.rc7
1.1.rc8
1.2.alpha1
1.2.alpha2
1.2.alpha3
1.2.alpha4
1.2.alpha5
1.2.beta1
1.2.beta2
1.2.beta3
1.2.beta4
1.2.rc1
2.*
2.0.0
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.alpha1
2.0.alpha2
2.0.alpha3
2.0.beta1
2.0.beta2
2.0.beta3
2.0.beta4
2.0.beta5
2.0.beta6
2.0.rc1
2.0.rc2
2.0.rc3
2.0.rc4
2.0.rc5
2.0.rc6
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.alpha1
2.1.alpha2
2.1.beta1
2.1.rc1
2.1.rc2
2.1.rc3
2.1.rc4
2.1.rc5
2.1.rc6
2.1.rc7
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.13.rc1
2.2.14
2.2.14.rc1
2.2.15
2.2.16
2.2.16.rc1
2.2.17
2.2.17.rc1
2.2.17.rc2
2.2.18
2.2.19
2.2.19.rc1
2.2.19.rc2
2.2.2
2.2.20
2.2.20.rc1
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.alpha1
2.2.beta1
2.2.beta2
2.2.rc1
2.2.rc2
2.2.rc3
2.2.rc4
2.2.rc5
2.2.rc6
2.2.rc7