FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Dovecot -- Multiple vulnerabilities

Affected packages
2.3.0 <= dovecot < 2.3.6

Details

VuXML ID 3f98ccb3-6b8a-11e9-9b5c-a4badb296695
Discovery 2019-03-11
Entry 2019-04-30

Aki Tuomi reports:

Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attacker(s).

Aki Tuomi reports:

Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent. This can lead to denial-of-service attack by persistent attacker(s).

References

CVE Name CVE-2019-11494
CVE Name CVE-2019-11499
URL https://dovecot.org/list/dovecot-news/2019-April/000409.html
URL https://dovecot.org/list/dovecot-news/2019-April/000410.html