What is CVE-2019-11499?

CVE-2019-11499 is a vulnerability in the IMAP Server in Dovecot 2.3.3 through 2.3.5.2 that can cause the submission-login component to crash.

How does CVE-2019-11499 affect Dovecot?

CVE-2019-11499 affects Dovecot versions 2.3.3 through 2.3.5.2, potentially causing the submission-login component to crash.

What is the severity of CVE-2019-11499?

CVE-2019-11499 has a severity rating of 7.5, which is considered high.

How can I mitigate CVE-2019-11499?

To mitigate CVE-2019-11499, it is recommended to update Dovecot to a version higher than 2.3.5.2.

Where can I find more information about CVE-2019-11499?

You can find more information about CVE-2019-11499 in the following references: [http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html](http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html), [http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html](http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html), [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/)

Vulnerability/
CVE-2019-11499

high

7.5

8/5/2019

1/3/2023

CVE-2019-11499

First published: Wed May 08 2019(Updated: )

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Dovecot Dovecot	>=2.3.3<=2.3.5.2
Fedoraproject Fedora	=29
Fedoraproject Fedora	=30
openSUSE Leap	=15.0
openSUSE Leap	=15.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-11499?
CVE-2019-11499 is a vulnerability in the IMAP Server in Dovecot 2.3.3 through 2.3.5.2 that can cause the submission-login component to crash.
How does CVE-2019-11499 affect Dovecot?
CVE-2019-11499 affects Dovecot versions 2.3.3 through 2.3.5.2, potentially causing the submission-login component to crash.
What is the severity of CVE-2019-11499?
CVE-2019-11499 has a severity rating of 7.5, which is considered high.
How can I mitigate CVE-2019-11499?
To mitigate CVE-2019-11499, it is recommended to update Dovecot to a version higher than 2.3.5.2.
Where can I find more information about CVE-2019-11499?
You can find more information about CVE-2019-11499 in the following references: [http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html](http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html), [http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html](http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html), [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/)

collector/nvd-index
vendor/dovecot
canonical/dovecot dovecot
version/dovecot dovecot/2.3.3
version/dovecot dovecot/2.3.5.2
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/29
version/fedoraproject fedora/30
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.0
version/opensuse leap/15.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.