NVD – CVE-2020-10726

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

NVD – CVE-2020-10957

CVE-2020-10957 Detail

Modified


This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description

In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.

Source:  MITRE
View Analysis Description

Analysis Description

In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.

Source:  MITRE

Severity

CVSS 3.x Severity and Metrics:

CVSS 2.0 Severity and Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Weakness Enumeration

CWE-ID CWE Name Source
CWE-476 NULL Pointer Dereference NIST  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )

Change History

6 change records found – show changes

CVE Modified by MITRE5/21/2020 11:15:09 PM

Action Type Old Value New Value
Added Reference
https://usn.ubuntu.com/4361-1/ [No Types Assigned]

CVE Modified by MITRE5/21/2020 1:15:11 AM

Action Type Old Value New Value
Added Reference
https://www.debian.org/security/2020/dsa-4690 [No Types Assigned]

CVE Modified by MITRE5/19/2020 6:15:11 PM

Action Type Old Value New Value
Added Reference
http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html [No Types Assigned]

Initial Analysis5/19/2020 2:03:27 PM

Action Type Old Value New Value
Added CPE Configuration
OR
     *cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:* versions up to (excluding) 2.3.10.1
Added CVSS V2
NIST (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Added CVSS V3.1
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added CWE
NIST CWE-476
Changed Reference Type
http://seclists.org/fulldisclosure/2020/May/37 No Types Assigned
http://seclists.org/fulldisclosure/2020/May/37 Exploit, Third Party Advisory
Changed Reference Type
http://www.openwall.com/lists/oss-security/2020/05/18/1 No Types Assigned
http://www.openwall.com/lists/oss-security/2020/05/18/1 Mailing List, Third Party Advisory
Changed Reference Type
https://dovecot.org/security No Types Assigned
https://dovecot.org/security Vendor Advisory
Changed Reference Type
https://www.openwall.com/lists/oss-security/2020/05/18/1 No Types Assigned
https://www.openwall.com/lists/oss-security/2020/05/18/1 Mailing List, Third Party Advisory

CVE Modified by MITRE5/19/2020 1:15:09 PM

Action Type Old Value New Value
Added Reference
http://seclists.org/fulldisclosure/2020/May/37 [No Types Assigned]

CVE Modified by MITRE5/18/2020 11:15:10 AM

Action Type Old Value New Value
Changed Description
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login or lmtp.
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
Added Reference
http://www.openwall.com/lists/oss-security/2020/05/18/1 [No Types Assigned]

Quick Info

CVE Dictionary Entry:
CVE-2020-10957
NVD Published Date:
05/18/2020
NVD Last Modified:
05/21/2020

NVD – CVE-2020-10958

Modified


This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.

NVD – CVE-2020-10967

Modified


This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.

NVD – CVE-2020-10995

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

NVD – CVE-2020-11078

Undergoing Analysis


This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary.

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.

NVD – CVE-2020-1111

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

NVD – CVE-2020-1112

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

NVD – CVE-2020-1113

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

NVD – CVE-2020-1114

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].