vulnerability

FreeBSD: VID-74db0d02-b140-4c32-aac6-1f1e81e1ad30 (CVE-2020-7046): dovecot -- multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Feb 13, 2020	Feb 13, 2020	Mar 25, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Feb 13, 2020

Added

Feb 13, 2020

Modified

Mar 25, 2026

Description

Aki Tuomi reports: lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP (where it doesn't matter so much) and also for submission-login where unauthenticated users can trigger it. Aki also reports: Snippet generation crashes if: message is large enough that message-parser returns multiple body blocks The first block(s) don't contain the full snippet (e.g. full of whitespace) input ends with '>'

Solution

freebsd-upgrade-package-dovecot

References

CVE-2020-7046
https://attackerkb.com/topics/CVE-2020-7046
CWE-835
EUVD-EUVD-2020-28180
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-28180

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report