Your submission was sent successfully! Close

CVE-2019-11499

Published: 30 April 2019

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.

Notes

AuthorNote
mdeslaur
affects 2.3.0 - 2.3.5.2
Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
dovecot
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(1:2.2.33.2-1ubuntu4.3)
cosmic
Released (1:2.3.2.1-1ubuntu3.4)
disco
Released (1:2.3.4.1-1ubuntu2.2)
precise Not vulnerable

trusty Not vulnerable

upstream
Released (2.3.6)
xenial Not vulnerable
(1:2.2.22-1ubuntu2.10)