CVE-2020-12673

Published: 12 August 2020

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: dovecot (Launchpad, Ubuntu, Debian)

Release                             Status
Upstream                            Released (2.3.11)
Ubuntu 20.04 LTS (Focal Fossa)      Released (1:2.3.7.2-1ubuntu3.2)
Ubuntu 18.04 LTS (Bionic Beaver)    Released (1:2.2.33.2-1ubuntu4.6)
Ubuntu 16.04 ESM (Xenial Xerus)     Released (1:2.2.22-1ubuntu2.13)
Ubuntu 14.04 ESM (Trusty Tahr)      Released (1:2.2.9-1ubuntu2.6+esm3)

Notes

Author: leosilva
Note: marking precise as ignored since we won't fix it; version in that release is quite old and the backports could possibly cause serious regressions.
