search for: sennovskii

...lmtp, lda Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.15 Vendor notification: 2020-09-23 Solution date: 2020-12-07 Public disclosure: 2021-06-21 CVE reference: CVE-2020-28200 CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) Researcher credit: Innokentii Sennovskii from BI.ZONE Vulnerability Details: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Especially scripts using massive amounts of regexps. Risk: Attacker can DoS the mail delivery system by using excessive amount of CPU and/or reaching the lmtp/lda p...

...lmtp, lda Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.15 Vendor notification: 2020-09-23 Solution date: 2020-12-07 Public disclosure: 2021-06-21 CVE reference: CVE-2020-28200 CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) Researcher credit: Innokentii Sennovskii from BI.ZONE Vulnerability Details: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Especially scripts using massive amounts of regexps. Risk: Attacker can DoS the mail delivery system by using excessive amount of CPU and/or reaching the lmtp/lda p...