CVE-2020-7046
First published: Wed Feb 12 2020(Updated: )
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dovecot Dovecot | >=2.3.9<2.3.9.3 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2020/02/12/1
- https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html
- https://dovecot.org/security
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XYT55WH372BJOXCJRKBDIFGBMPVOIDT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJXHOUT3FH2DJNMACSX4GHPP4MUV4UKA/
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-7046.
What is the title of this vulnerability?
The title of this vulnerability is 'lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 dat…'.
What is the severity level of CVE-2020-7046?
CVE-2020-7046 has a severity level of high.
Which software is affected by CVE-2020-7046?
Dovecot version 2.3.9 before 2.3.9.3 and Fedora versions 30 and 31 are affected by CVE-2020-7046.
How can I fix the vulnerability CVE-2020-7046?
To fix the vulnerability CVE-2020-7046, you should update Dovecot to version 2.3.9.3 or later.
- collector/nvd-index
- vendor/dovecot
- canonical/dovecot dovecot
- version/dovecot dovecot/2.3.9
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31