CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

Published: Aug 29, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-11500
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
dovecot / dovecot	-	2.2.36.4
dovecot / dovecot	2.3.0	2.3.7.2
dovecot / pigeonhole	-	0.5.7.2
debian / debian_linux	8.0	8.0.x
fedoraproject / fedora	30	30.x

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html
http://www.openwall.com/lists/oss-security/2019/08/28/3
https://access.redhat.com/errata/RHSA-2019:2822
https://access.redhat.com/errata/RHSA-2019:2836
https://access.redhat.com/errata/RHSA-2019:2885
https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/
https://lists.fedoraproject.org/archives/list/[email protected]/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/
https://lists.fedoraproject.org/archives/list/[email protected]/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/
https://security.gentoo.org/glsa/201908-29
https://www.dovecot.org/security.html

Vulnerability Database

289,784

CVE-2019-11500