Dovecot CVE-2019-7524 Stack Buffer Overflow Vulnerability



Dovecot is prone to a stack-based buffer-overflow vulnerability.

Attackers can exploit this issue to run arbitrary code within the context of the affected application. Failed exploit attempts may result in denial-of-service conditions.
Dovecot versions 2.0.14 through 2.3.5 are vulnerable.

Information

Bugtraq ID: 107672
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2019-9956

Remote: Yes
Local: No
Published: Apr 02 2019 12:00AM
Updated: Apr 02 2019 12:00AM
Credit: Aki Tuomi
Vulnerable: Dovecot Dovecot 2.3.5
Dovecot Dovecot 2.3.4
Dovecot Dovecot 2.3.2
Dovecot Dovecot 2.3
Dovecot Dovecot 2.2.28
Dovecot Dovecot 2.2.7
Dovecot Dovecot 2.2.5
Dovecot Dovecot 2.2.4
Dovecot Dovecot 2.2.2
Dovecot Dovecot 2.2.1
Dovecot Dovecot 2.1.17
Dovecot Dovecot 2.1.16
Dovecot Dovecot 2.1.15
Dovecot Dovecot 2.0.4
Dovecot Dovecot 2.0.3
Dovecot Dovecot 2.0.2
Dovecot Dovecot 2.2.9
Dovecot Dovecot 2.2.8
Dovecot Dovecot 2.2.6
Dovecot Dovecot 2.2.3
Dovecot Dovecot 2.2.29
Dovecot Dovecot 2.2.26.1
Dovecot Dovecot 2.2.26.0
Dovecot Dovecot 2.2.25.1
Dovecot Dovecot 2.2.16
Dovecot Dovecot 2.2.13
Dovecot Dovecot 2.2.10
Dovecot Dovecot 2.2.0
Dovecot Dovecot 2.2
Dovecot Dovecot 2.1.8
Dovecot Dovecot 2.1.7
Dovecot Dovecot 2.1.6
Dovecot Dovecot 2.1.5
Dovecot Dovecot 2.1.4
Dovecot Dovecot 2.1.3
Dovecot Dovecot 2.1.2
Dovecot Dovecot 2.1.14
Dovecot Dovecot 2.1.13
Dovecot Dovecot 2.1.12
Dovecot Dovecot 2.1.11
Dovecot Dovecot 2.1.10
Dovecot Dovecot 2.1.1
Dovecot Dovecot 2.1.0
Dovecot Dovecot 2.0.9
Dovecot Dovecot 2.0.8
Dovecot Dovecot 2.0.7
Dovecot Dovecot 2.0.6
Dovecot Dovecot 2.0.5
Dovecot Dovecot 2.0.16
Dovecot Dovecot 2.0.15
Dovecot Dovecot 2.0.14


Not Vulnerable: Dovecot Dovecot 2.3.5.1
Dovecot Dovecot 2.2.36.3


Exploit


The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

