In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-29T13:51:46
Updated: 2019-10-07T20:06:11
Reserved: 2019-04-24T00:00:00
Link: CVE-2019-11500
JSON object: View
NVD Information
Status : Modified
Published: 2019-08-29T14:15:11.037
Modified: 2023-11-07T03:03:02.563
Link: CVE-2019-11500
JSON object: View
Redhat Information
No data.
CWE