CVE-2020-10958 - OpenCVE

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Dovecot	Dovecot

Configuration 1 [-]

cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00059.html
http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2020/May/37	Exploit Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/05/18/1	Mailing List Third Party Advisory
https://dovecot.org/security	Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWHUUAFPC6XGIXYFIPTNBXLHPNM4W6/
https://usn.ubuntu.com/4361-1/
https://www.debian.org/security/2020/dsa-4690
https://www.openwall.com/lists/oss-security/2020/05/18/1	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-05-18T14:00:33

Updated: 2020-05-28T03:06:13

Reserved: 2020-03-25T00:00:00

Link: CVE-2020-10958

JSON object: View

NVD Information

Status : Modified

Published: 2020-05-18T14:15:11.827

Modified: 2023-11-07T03:14:26.240

Link: CVE-2020-10958

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-28T03:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://dovecot.org/security"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.openwall.com/lists/oss-security/2020/05/18/1"}, {"name": "[oss-security] 20200518 Multiple vulnerabilities in Dovecot IMAP server", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/05/18/1"}, {"name": "USN-4361-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4361-1/"}, {"name": "20200519 Multiple vulnerabilities in Dovecot IMAP server", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/May/37"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html"}, {"name": "DSA-4690", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4690"}, {"name": "FEDORA-2020-1dee17d880", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWHUUAFPC6XGIXYFIPTNBXLHPNM4W6/"}, {"name": "openSUSE-SU-2020:0720", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00059.html"}, {"name": "FEDORA-2020-b60344c987", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10958", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://dovecot.org/security", "refsource": "MISC", "url": "https://dovecot.org/security"}, {"name": "https://www.openwall.com/lists/oss-security/2020/05/18/1", "refsource": "CONFIRM", "url": "https://www.openwall.com/lists/oss-security/2020/05/18/1"}, {"name": "[oss-security] 20200518 Multiple vulnerabilities in Dovecot IMAP server", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/05/18/1"}, {"name": "USN-4361-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4361-1/"}, {"name": "20200519 Multiple vulnerabilities in Dovecot IMAP server", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/May/37"}, {"name": "http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html"}, {"name": "DSA-4690", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4690"}, {"name": "FEDORA-2020-1dee17d880", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VVUWHUUAFPC6XGIXYFIPTNBXLHPNM4W6/"}, {"name": "openSUSE-SU-2020:0720", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00059.html"}, {"name": "FEDORA-2020-b60344c987", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10958", "datePublished": "2020-05-18T14:00:33", "dateReserved": "2020-03-25T00:00:00", "dateUpdated": "2020-05-28T03:06:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B753CF9-8EB3-4925-9772-F6044915C907", "versionEndExcluding": "2.3.10.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command."}, {"lang": "es", "value": "En Dovecot versiones anteriores a 2.3.10.1, un mensaje SMTP/LMTP dise\u00f1ado desencadena un bug no autenticado de uso de la memoria previamente liberada en submission-login, submission, o lmtp, y puede conllevar a un bloqueo bajo circunstancias que impliquen muchas l\u00edneas nuevas despu\u00e9s de un comando."}], "id": "CVE-2020-10958", "lastModified": "2023-11-07T03:14:26.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-18T14:15:11.827", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00059.html"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/May/37"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/05/18/1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://dovecot.org/security"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWHUUAFPC6XGIXYFIPTNBXLHPNM4W6/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4361-1/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2020/dsa-4690"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/05/18/1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}