CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Configurations

Configuration 1

cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:pigeonhole:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Information

Published : 2019-08-29 02:15

Updated : 2019-09-06 03:15


NVD link : CVE-2019-11500

Mitre link : CVE-2019-11500

Products Affected
No products.
CWE