← back
CVE-2019-11500

CVE-2019-11500

EPSS 62.3%
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.htmlhttps://access.redhat.com/errata/RHSA-2019:2822https://access.redhat.com/errata/RHSA-2019:2836https://access.redhat.com/errata/RHSA-2019:2885https://dovecot.org/pipermail/dovecot-news/2019-August/000417.htmlhttps://lists.debian.org/debian-lts-announce/2019/08/msg00035.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/https://security.gentoo.org/glsa/201908-29https://www.dovecot.org/security.html