vulnerability
Arch Linux: Denial of service (CVE-2020-28200)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | Jun 28, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Published
Jun 28, 2021
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
A security issue has been found in Pigeonhole before version 0.5.15. The Sieve interpreter is not protected against abusive scripts that claim excessive resource usage, especially scripts using massive amounts of regexps. This means an attacker can cause a denial of service of the mail delivery system by using excessive amount of CPU and/or reaching the lmtp/lda process limits.
Solution
arch-linux-upgrade-latest
References
- CVE-2020-28200
- https://attackerkb.com/topics/CVE-2020-28200
- URL-https://dovecot.org/security
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JB2VTJ3G2ILYWH5Y2FTY2PUHT2MD6VMI/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TK424DWFO2TKJYXZ2H3XL633TYJL4GQN/
- URL-https://security.archlinux.org/ASA-202106-57
- URL-https://www.openwall.com/lists/oss-security/2021/06/28/3
- CWE-770
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.