1709244 – (CVE-2019-11494) CVE-2019-11494 dovecot: premature disconnection from client during AUTH command leads to crash and possible DoS

Bug 1709244 (CVE-2019-11494) - CVE-2019-11494 dovecot: premature disconnection from client during AUTH command leads to crash and possible DoS

Summary: CVE-2019-11494 dovecot: premature disconnection from client during AUTH comma...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-11494
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1709245
Blocks:
TreeView+	depends on / blocked

Reported:	2019-05-13 09:10 UTC by Marian Rehak
Modified:	2019-09-29 15:13 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-10 10:55:27 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2019-05-13 09:10:40 UTC

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

Upstream Bug:

https://dovecot.org/list/dovecot-news/2019-April/000409.html

Comment 1 Marian Rehak 2019-05-13 09:10:54 UTC

Created dovecot tracking bugs for this issue:

Affects: fedora-all [bug 1709245]

Comment 2 Bojan Smojver 2019-05-31 00:53:02 UTC

No builds for F30 to fix this. I asked several times in bug #1672622, but no action has been taken there.

Note You need to log in before you can comment on or make changes to this bug.