TROYANOSYVIRUS
Voltar para CVEs

CVE-2019-11500

N/A

Descricao

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

Detalhes CVE

Pontuacao CVSS v3.1N/A
Publicado8/29/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0

Produtos afetados

debian:debian_linuxdovecot:dovecotdovecot:pigeonholefedoraproject:fedora

Fraquezas (CWE)

CWE-787

Referencias

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2019/08/28/3(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:2822(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:2836(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:2885(cve@mitre.org)
https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/(cve@mitre.org)
https://security.gentoo.org/glsa/201908-29(cve@mitre.org)
https://www.dovecot.org/security.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/08/28/3(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2822(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2836(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2885(af854a3a-2127-422b-91ae-364da2661108)
https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201908-29(af854a3a-2127-422b-91ae-364da2661108)
https://www.dovecot.org/security.html(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.