CVE-2019-7524 (retired)

Priority
Description
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can
cause a buffer overflow in the indexer-worker process, which can be used to
elevate to root. This occurs because of missing checks in the fts and
pop3-uidl components.
Assigned-to
mdeslaur
Package
Upstream:released (2.3.5.1, 2.2.36.3)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:2.2.9-1ubuntu2.6)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.2.22-1ubuntu2.10)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:2.2.33.2-1ubuntu4.3)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1:2.3.2.1-1ubuntu3.2)
Ubuntu 19.04 (Disco Dingo):released (1:2.3.4.1-1ubuntu2)
More Information

Updated: 2019-04-03 17:14:54 UTC (commit 6eaa090bb70bca15eb5802c17d29d66682bf3b62)