Displaying 2 results from an estimated 2 matches for "devcore".
2020 Aug 12
0
CVE-2020-12674: Specially crafted RPA authentication message crashes auth
...ecot IMAP server
Internal reference: DOP-1869 (Bug ID)
Vulnerability type: CWE-126 (Buffer over-read)
Vulnerable version: 2.2
Vulnerable component: auth
Fixed version: 2.3.11.3
Report confidence: Confirmed
Solution status: Fix available
Vendor notification: 2020-05-03
Researcher credit: Orange from DEVCORE team
CVE reference: CVE-2020-12674
CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Vulnerability Details:
Dovecot's RPA mechanism implementation accepts zero-length message,
which leads to assert-crash later on
Risk:
An adversary can use this vulnerability to crash dovecot auth proce...
2020 Aug 12
0
CVE-2020-12674: Specially crafted RPA authentication message crashes auth
...ecot IMAP server
Internal reference: DOP-1869 (Bug ID)
Vulnerability type: CWE-126 (Buffer over-read)
Vulnerable version: 2.2
Vulnerable component: auth
Fixed version: 2.3.11.3
Report confidence: Confirmed
Solution status: Fix available
Vendor notification: 2020-05-03
Researcher credit: Orange from DEVCORE team
CVE reference: CVE-2020-12674
CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Vulnerability Details:
Dovecot's RPA mechanism implementation accepts zero-length message,
which leads to assert-crash later on
Risk:
An adversary can use this vulnerability to crash dovecot auth proce...