Dovecot Improper Input Validation Vulnerability

By GIXnews

A vulnerability in Dovecot could allow an unauthenticated, remote attacker to execute arbitrary code, access sensitive information, or cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to insufficient validation of user-supplied input in the IMAP and ManageSieve protocol parsers of the affected software. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could trigger an out-of-bounds write condition that the attacker could use to conduct further attacks.

Dovecot has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-11500

Source: Cisco Multivendor Vulnerability Alerts