CVE-2019-3814

Published: 05 February 2019

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

Priority

Medium

CVSS 3 base score: 6.8

Status

Package: dovecot (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (2.2.36.1, 2.3.4.1)
Ubuntu 18.04 LTS (Bionic Beaver): Released (1:2.2.33.2-1ubuntu4.2)
Ubuntu 16.04 ESM (Xenial Xerus): Released (1:2.2.22-1ubuntu2.9)
Ubuntu 14.04 ESM (Trusty Tahr): Released (1:2.2.9-1ubuntu2.5)