#Vulnerabilities 49
Date Id Summary Products Score Patch Annotated
2021-01-04 CVE-2020-25275 Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. Debian_linux, Dovecot 7.5
2021-01-04 CVE-2020-24386 An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). Debian_linux, Dovecot 6.8
2020-08-12 CVE-2020-12100 In Dovecot before, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. Debian_linux, Dovecot 7.5
2020-08-12 CVE-2020-12673 In Dovecot before, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. Ubuntu_linux, Debian_linux, Dovecot 7.5
2020-08-12 CVE-2020-12674 In Dovecot before, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. Debian_linux, Dovecot 7.5
2020-05-18 CVE-2020-10967 In Dovecot before, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. Dovecot 5.3
2020-05-18 CVE-2020-10958 In Dovecot before, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. Dovecot N/A
2020-05-18 CVE-2020-10957 In Dovecot before, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. Dovecot N/A
2020-02-12 CVE-2020-7957 The IMAP and LMTP components in Dovecot 2.3.9 before mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages. Dovecot N/A
2020-02-12 CVE-2020-7046 lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop. Dovecot N/A