vulnerability

SUSE: CVE-2019-11500: SUSE Linux Security Advisory

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 28, 2019
Added
Sep 25, 2019
Modified
Oct 22, 2021

Description

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

Solution(s)

suse-upgrade-dovecot22suse-upgrade-dovecot22-backend-mysqlsuse-upgrade-dovecot22-backend-pgsqlsuse-upgrade-dovecot22-backend-sqlitesuse-upgrade-dovecot22-develsuse-upgrade-dovecot23suse-upgrade-dovecot23-backend-mysqlsuse-upgrade-dovecot23-backend-pgsqlsuse-upgrade-dovecot23-backend-sqlitesuse-upgrade-dovecot23-develsuse-upgrade-dovecot23-ftssuse-upgrade-dovecot23-fts-lucenesuse-upgrade-dovecot23-fts-solrsuse-upgrade-dovecot23-fts-squat
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.