Vulnerability Description
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dovecot | Dovecot | >= 2.3.9, < 2.3.9.3 |
| Fedoraproject | Fedora | 30 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2020/02/12/1Mailing ListThird Party Advisory
- https://dovecot.org/pipermail/dovecot-news/2020-February/000431.htmlMailing ListVendor Advisory
- https://dovecot.org/securityVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- http://www.openwall.com/lists/oss-security/2020/02/12/1Mailing ListThird Party Advisory
- https://dovecot.org/pipermail/dovecot-news/2020-February/000431.htmlMailing ListVendor Advisory
- https://dovecot.org/securityVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2020-7046?
CVE-2020-7046 is a vulnerability with a CVSS score of 7.5 (HIGH). lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login inf...
How severe is CVE-2020-7046?
CVE-2020-7046 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7046?
Check the references section above for vendor advisories and patch information. Affected products include: Dovecot Dovecot, Fedoraproject Fedora.