search for: x1021

...as it does not necessarily cause a crash. Attempts to abuse this bug are not directly evident from logs. Steps to reproduce: This bug is best observed using valgrind to see the out of bounds read with following snippet: perl -e 'print "a id (\"foo\" \"".("x"x1021)."\\A\" \"bar\" \"\000".("x"x1020)."\\A\")\n"' | nc localhost 143 Solution: Operators should update to the latest Patch Release. There is no workaround for the issue. --- Aki Tuomi Open-Xchange oy -------------- next part --------...

...as it does not necessarily cause a crash. Attempts to abuse this bug are not directly evident from logs. Steps to reproduce: This bug is best observed using valgrind to see the out of bounds read with following snippet: perl -e 'print "a id (\"foo\" \"".("x"x1021)."\\A\" \"bar\" \"\000".("x"x1020)."\\A\")\n"' | nc localhost 143 Solution: Operators should update to the latest Patch Release. There is no workaround for the issue. --- Aki Tuomi Open-Xchange oy -------------- next part --------...

On 2019.08.28. 15:10, Aki Tuomi via dovecot wrote: > > Steps to reproduce: > > This bug is best observed using valgrind to see the out of bounds read > with following snippet: > > perl -e 'print "a id (\"foo\" \"".("x"x1021)."\\A\" \"bar\" > \"\000".("x"x1020)."\\A\")\n"' | nc localhost 143 > > Hi! Before I had 2.2.25 and returned result was: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN]...

...ot;, "X242", "X243", "X244", "X245", "X246", "X254", "X255", "X256", "X257", "X295", "X296", "X303", "X305", "X306", "X307", "X91", "X1021", "X213", "X224", "X235", "X316", "X518", "X629", "X6310", "X6411", "X6512", "X8213", "X10114", "X10215", "X11516", "X11617", "X12618", "...