Vulnerability Description
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dovecot | Dovecot | 1.2.0 |
Related Weaknesses (CWE)
References
- http://dovecot.org/pipermail/dovecot/2011-May/059085.htmlPatch
- http://dovecot.org/pipermail/dovecot/2011-May/059086.htmlPatch
- http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21cPatch
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061384.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060815.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060825.html
- http://openwall.com/lists/oss-security/2011/05/18/4Patch
- http://openwall.com/lists/oss-security/2011/05/19/3Patch
- http://openwall.com/lists/oss-security/2011/05/19/6Patch
- http://osvdb.org/72495
- http://secunia.com/advisories/44683
- http://secunia.com/advisories/44712
- http://secunia.com/advisories/44756
- http://secunia.com/advisories/44771
- http://secunia.com/advisories/44827
FAQ
What is CVE-2011-1929?
CVE-2011-1929 is a vulnerability with a CVSS score of 5.0 (MEDIUM). lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of ser...
How severe is CVE-2011-1929?
CVE-2011-1929 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1929?
Check the references section above for vendor advisories and patch information. Affected products include: Dovecot Dovecot.