vulnerability
FreeBSD: VID-f3fc2b50-d36a-11eb-a32c-00a0989e4ec1 (CVE-2020-28200): dovecot-pigeonhole -- Sieve excessive resource usage
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | Jun 22, 2021 | Nov 4, 2022 | Dec 10, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Published
Jun 22, 2021
Added
Nov 4, 2022
Modified
Dec 10, 2025
Description
Dovecot team reports reports: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time usage is summed in the Sieve script binary and execution is blocked when the sum exceeds the limit within that time. The block is lifted when the script is updated after the resource usage times out.
Solution
freebsd-upgrade-package-dovecot-pigeonhole
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.