Candidate: CVE-2020-7046
CRD: 2020-02-12 12:00:00 UTC
PublicDate: 2020-02-12 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7046
Description:
 lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3
 mishandles truncated UTF-8 data in command parameters, as demonstrated by
 the unauthenticated triggering of a submission-login infinite loop.
Ubuntu-Description:
Notes:
 mdeslaur> 2.3.9 only
 mdeslaur> introduced by 8f08f1944be438a2422b604c08e5060b5c7bd72f
Mitigation:
Bugs:
Priority: medium
Discovered-by: Open-Xchange oy
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_dovecot:
upstream_dovecot: needs-triage
precise/esm_dovecot: not-affected (code not present)
trusty_dovecot: ignored (out of standard support)
trusty/esm_dovecot: not-affected (code not present)
xenial_dovecot: not-affected (code not present)
esm-infra/xenial_dovecot: not-affected (code not present)
bionic_dovecot: not-affected (code not present)
eoan_dovecot: not-affected (code not present)
devel_dovecot: not-affected (code not present)