[Dovecot] CVE-2012-5620

Timo Sirainen tss at iki.fi
Tue Dec 4 18:03:10 EET 2012


This CVE isn't worthy of existence. A user can crash his/her own IMAP session by issuing a specific SEARCH command, which is just slightly worse than user issuing a LOGOUT command. It took years for people to notice this bug, because just about no IMAP client issues such a command.




More information about the dovecot mailing list