vulnerability
Red Hat: CVE-2019-11500: CVE-2019-11500 dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Aug 29, 2019 | Sep 23, 2019 | Jul 9, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 29, 2019
Added
Sep 23, 2019
Modified
Jul 9, 2025
Description
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Solution(s)
no-fix-redhat-rpm-packageredhat-upgrade-dovecotredhat-upgrade-dovecot-debuginforedhat-upgrade-dovecot-debugsourceredhat-upgrade-dovecot-develredhat-upgrade-dovecot-mysqlredhat-upgrade-dovecot-mysql-debuginforedhat-upgrade-dovecot-pgsqlredhat-upgrade-dovecot-pgsql-debuginforedhat-upgrade-dovecot-pigeonholeredhat-upgrade-dovecot-pigeonhole-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.