dovecot: Multiple vulnerabilities (CVE-2020-10957, CVE-2020-10958, CVE-2020-10967)
CVE-2020-10957: NULL pointer dereference
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
References:
- https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-10957
CVE-2020-10958: Improper handling of input data
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
References:
- https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-10958
CVE-2020-10967: Improper input validation
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
References:
- https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-10967
Affected branches:
- master
- 3.11-stable
- 3.10-stable
- 3.9-stable
- 3.8-stable
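
All three CVEs share the same boundary, "before 2.3.10.1", so a host can be triaged by comparing its Dovecot version field by field against that release. The script below is an added example, not code from Dovecot or from this tracker; the function names and the sample version strings are constructed. It assumes the version string reflects the upstream release; a distribution package that carries backported patches has to be checked against its own changelog.

```shell
#!/bin/sh
# Added example: is this Dovecot version older than the fixed release
# named in the advisory (2.3.10.1)? Function names are hypothetical.

FIXED="2.3.10.1"

# Reduce strings such as "2.3.10.1 (abcdef012)" or "2.3.9.3-r0" to the
# dotted numeric part. Prints nothing if no version number is found.
normalize_version() {
    printf '%s\n' "$1" \
        | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p' \
        | sed 's/\.$//'
}

# Return 0 when $1 is numerically lower than $2, comparing field by field.
# A plain string comparison would rank 2.3.9 above 2.3.10; missing fields
# count as 0, so 2.3.10 is lower than 2.3.10.1.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "$a" = "$fa" ] && a="" || a=${a#*.}
        [ "$b" = "$fb" ] && b="" || b=${b#*.}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1
}

# 0 = older than the fixed release, 1 = fixed release or later,
# 2 = version could not be parsed (do not guess).
dovecot_is_vulnerable() {
    v=$(normalize_version "$1")
    [ -n "$v" ] || return 2
    version_lt "$v" "$FIXED"
}

# Constructed sample strings; on a real host pass "$(dovecot --version)".
for sample in "2.3.9.3 (abcdef012)" "2.3.10 (abcdef012)" "2.3.10.1 (abcdef012)"; do
    if dovecot_is_vulnerable "$sample"; then
        echo "$sample: before $FIXED (CVE-2020-10957, CVE-2020-10958, CVE-2020-10967)"
    else
        echo "$sample: $FIXED or later"
    fi
done
```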