Aki Tuomi
2021-Jan-04 12:03 UTC
[Dovecot-news] CVE-2020-25275: MIME parsing crashes with particular messages
Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4113 (Bug ID) Vulnerability type: CWE-20: Improper Input Validation Vulnerable version: 2.3.11-2.3.11.3 Vulnerable component: lda, lmtp, imap Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.13 Vendor notification: 2020-09-10 Solution date: 2020-09-14 Public disclosure: 2021-01-04 CVE reference: CVE-2020-25275 CVSS: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Researcher credit: Innokentii Sennovskiy (Rumata888) from BI.ZONE Vulnerability Details: Mail delivery / parsing crashed when the 10 000th MIME part was message/rfc822 (or if parent was multipart/digest). This happened due to earlier MIME parsing changes for CVE-2020-12100. Risk: Malicious sender can crash dovecot repeatedly by sending / uploading message with more than 10 000 MIME parts. Workaround: These are usually dropped by MTA, where the mitigation can also be applied. Solution: Operators should update to 2.3.13 or later version. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot-news/attachments/20210104/2476f611/attachment-0001.sig>
Reasonably Related Threads
- CVE-2020-25275: MIME parsing crashes with particular messages
- CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
- CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
- CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion.
- CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion.