[Dovecot-news] CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion.
aki.tuomi at dovecot.fi
Wed Aug 12 16:07:38 EEST 2020
Open-Xchange Security Advisory 2020-08-12
Affected product: Dovecot IMAP server
Internal reference: DOP-1849 (Bug ID)
Vulnerability type: Uncontrolled recursion (CWE-674)
Vulnerable version: 2.0
Vulnerable component: submission, lmtp, lda
Fixed version: 22.214.171.124
Report confidence: Confirmed
Solution status: Fix available
Vendor notification: 2020-04-23
CVE reference: CVE-2020-12100
CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Receiving mail with deeply nested MIME parts leads to resource
exhaustion as Dovecot attempts to
Malicious actor can cause denial of service to mail delivery by
repeatedly sending mails with bad
Limit MIME structures in MTA.
Upgrade to fixed version.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Dovecot-news