Main Vulnerability Database Vulnerabilities #VU18307

#VU18307 Input validation error in Dovecot - CVE-2019-10691

Published: April 18, 2019

Vulnerability identifier: #VU18307

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-10691

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Dovecot

Software vendor:
Dovecot

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to improper input validation of user-supplied characters in UTF-8 encoding within the JSON encoder. A remote unauthenticated attacker can supply a specially crafted string that contains invalid UTF-8 characters via a username during authentication process or via “From” or “Subject” headers in an email (if OX push notification driver is enabled) and crash the affected server.

Successful exploitation of the vulnerability will result in denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

External links

https://www.dovecot.org/list/dovecot-news/2019-April/000406.html

#VU18307 Input validation error in Dovecot - CVE-2019-10691

Description

Remediation

External links

Please verify you're human