CVE-2019-7524

Priority
Description
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can
cause a buffer overflow in the indexer-worker process, which can be used to
elevate to root. This occurs because of missing checks in the fts and
pop3-uidl components.
Assigned-to
mdeslaur
Notes
Package
Upstream: released (2.3.5.1, 2.2.36.3)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): released (1:2.2.9-1ubuntu2.6)
Ubuntu 16.04 LTS (Xenial Xerus): released (1:2.2.22-1ubuntu2.10)
Ubuntu 18.04 LTS (Bionic Beaver): released (1:2.2.33.2-1ubuntu4.3)

Updated: 2020-07-28 20:07:50 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)