FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
abaaecda-ea16-43e2-bad0-d34a9ac576b1  Dovecot -- improper input validation

Aki Tuomi reports:

Vulnerability Details: IMAP and ManageSieve protocol parsers do not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes.
Risk: This vulnerability allows for out-of-bounds writes to objects stored on the heap up to 8096 bytes in pre-login phase, and 65536 bytes post-login phase, allowing sufficiently skilled attacker to perform complicated attacks that can lead to leaking private information or remote code execution. Abuse of this bug is very difficult to observe, as it does not necessarily cause a crash. Attempts to abuse this bug are not directly evident from logs.


Discovery: 2019-04-13
Entry: 2019-08-28
dovecot < 2.3.7.2
dovecot-pigeonhole < 0.5.7.2

https://dovecot.org/pipermail/dovecot/2019-August/116874.html
CVE-2019-11500
bd98066d-4ea4-11eb-b412-e86a64caca56  mail/dovecot -- multiple vulnerabilities

Aki Tuomi reports:

When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using specially crafted command. The attacker must have valid credentials to access the mail server.

Mail delivery / parsing crashed when the 10 000th MIME part was message/rfc822 (or if parent was multipart/digest). This happened due to earlier MIME parsing changes for CVE-2020-12100.


Discovery: 2020-08-17
Entry: 2021-01-04
dovecot < 2.3.13

https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html
CVE-2020-24386
CVE-2020-25275
74db0d02-b140-4c32-aac6-1f1e81e1ad30  dovecot -- multiple vulnerabilities

Aki Tuomi reports:

lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP (where it doesn't matter so much) and also for submission-login where unauthenticated users can trigger it.

Aki also reports:

Snippet generation crashes if:
- message is large enough that message-parser returns multiple body blocks
- The first block(s) don't contain the full snippet (e.g. full of whitespace)
- input ends with '>'


Discovery: 2020-01-14
Entry: 2020-02-13
dovecot < 2.3.9.3

https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html
https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html
CVE-2020-7046
CVE-2020-7967
37d106a8-15a4-483e-8247-fcb68b16eaf8  Dovecot -- Multiple vulnerabilities

Aki Tuomi reports:

Vulnerability Details: Sending malformed NOOP command causes crash in submission, submission-login or lmtp service.
Risk: Remote attacker can keep submission-login service down, causing denial of service attack. For lmtp the risk is negligible, as lmtp is usually behind a trusted MTA.
Steps to reproduce: Send ``NOOP EE"FY`` to submission port, or similarly malformed command.

Vulnerability Details: Sending command followed by sufficient number of newlines triggers a use-after-free bug that might crash submission-login, submission or lmtp service.
Risk: Remote attacker can keep submission-login service down, causing denial of service attack. For lmtp the risk is negligible, as lmtp is usually behind a trusted MTA.
Steps to reproduce: This can be currently reproduced with ASAN or Valgrind. Reliable way to crash has not yet been discovered.

Vulnerability Details: Sending mail with empty quoted localpart causes submission or lmtp component to crash.
Risk: Malicious actor can cause denial of service to mail delivery by repeatedly sending mails with bad sender or recipient address.
Steps to reproduce: Send mail with envelope sender or recipient as <""@example.org>.
Workaround: For submission there is no workaround, but triggering the bug requires valid credentials. For lmtp, one can implement sufficient filtering on MTA level to prevent mails with such addresses from ending up in LMTP delivery.


Discovery: 2020-04-02
Entry: 2020-05-18
dovecot < 2.3.10.1

https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
CVE-2020-10957
CVE-2020-10958
CVE-2020-10967
87a07de1-e55e-4d51-bb64-8d117829a26a  mail/dovecot -- multiple vulnerabilities

Aki Tuomi reports:

Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory.

Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash.

lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash.

Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on.


Discovery: 2020-04-23
Entry: 2020-08-13
dovecot < 2.3.11

https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html
CVE-2020-12100
CVE-2020-12673
CVE-2020-10967
CVE-2020-12674