CVE-2020-28200

Published: 21 June 2021

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.

Priority

Low

CVSS 3 base score: 4.3

Status

Package Release Status
dovecot
Launchpad, Ubuntu, Debian
Upstream
Released (2.3.15)
Ubuntu 21.04 (Hirsute Hippo) Needs triage

Ubuntu 20.10 (Groovy Gorilla) Ignored
(reached end-of-life)
Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Notes

AuthorNote
mdeslaur
per upstream, fixing this is a massive change that cannot be
backported to earlier releases

References