vulnerability
SUSE: CVE-2019-11500: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Aug 28, 2019 | Sep 25, 2019 | Oct 22, 2021 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 28, 2019
Added
Sep 25, 2019
Modified
Oct 22, 2021
Description
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Solution(s)
suse-upgrade-dovecot22suse-upgrade-dovecot22-backend-mysqlsuse-upgrade-dovecot22-backend-pgsqlsuse-upgrade-dovecot22-backend-sqlitesuse-upgrade-dovecot22-develsuse-upgrade-dovecot23suse-upgrade-dovecot23-backend-mysqlsuse-upgrade-dovecot23-backend-pgsqlsuse-upgrade-dovecot23-backend-sqlitesuse-upgrade-dovecot23-develsuse-upgrade-dovecot23-ftssuse-upgrade-dovecot23-fts-lucenesuse-upgrade-dovecot23-fts-solrsuse-upgrade-dovecot23-fts-squat
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.