dovecot: NULL Pointer Dereference (CVE-2019-19722)
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
Fixed In Version:
dovecot 2.3.9.2.
References:
- https://dovecot.org/pipermail/dovecot-news/2019-December/000428.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-19722
Affected branches:
-
master (ec546a09) -
3.10-stable -
3.9-stable -
3.8-stable