vulnerability
CentOS Linux: CVE-2019-11500: Important: dovecot security update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Aug 29, 2019 | Sep 23, 2019 | May 25, 2023 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 29, 2019
Added
Sep 23, 2019
Modified
May 25, 2023
Description
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Solution(s)
centos-upgrade-dovecotcentos-upgrade-dovecot-debuginfocentos-upgrade-dovecot-debugsourcecentos-upgrade-dovecot-develcentos-upgrade-dovecot-mysqlcentos-upgrade-dovecot-mysql-debuginfocentos-upgrade-dovecot-pgsqlcentos-upgrade-dovecot-pgsql-debuginfocentos-upgrade-dovecot-pigeonholecentos-upgrade-dovecot-pigeonhole-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.