CVE-2020-24386

Published: 04 January 2021

An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).

Priority

Medium

Status

Package Release Status
dovecot
Launchpad, Ubuntu, Debian
Upstream
Released (2.3.13)
Ubuntu 21.04 (Hirsute Hippo)
Released (1:2.3.11.3+dfsg1-2ubuntu1)
Ubuntu 20.10 (Groovy Gorilla)
Released (1:2.3.11.3+dfsg1-2ubuntu0.1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (1:2.3.7.2-1ubuntu3.3)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:2.2.33.2-1ubuntu4.7)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Ubuntu 12.04 ESM (Precise Pangolin) Not vulnerable
(code not present)