FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
87a07de1-e55e-4d51-bb64-8d117829a26a	mail/dovecot -- multiple vulnerabilities Aki Tuomi reports: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory.. Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash. Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on. Discovery 2020-04-23 Entry 2020-08-13 dovecot < 2.3.11 https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html CVE-2020-12100 CVE-2020-12673 CVE-2020-10967 CVE-2020-12674

VuXML ID

Description

87a07de1-e55e-4d51-bb64-8d117829a26a

mail/dovecot -- multiple vulnerabilities

Aki Tuomi reports:

Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory..

Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash

lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash.

Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on.

Discovery 2020-04-23
Entry 2020-08-13
dovecot

< 2.3.11

https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html
CVE-2020-12100
CVE-2020-12673
CVE-2020-10967
CVE-2020-12674