Bug 1709244 (CVE-2019-11494) - CVE-2019-11494 dovecot: premature disconnection from client during AUTH command leads to crash and possible DoS
Summary: CVE-2019-11494 dovecot: premature disconnection from client during AUTH comma...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-11494
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1709245
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-05-13 09:10 UTC by Marian Rehak
Modified: 2019-09-29 15:13 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:55:27 UTC


Attachments (Terms of Use)

Description Marian Rehak 2019-05-13 09:10:40 UTC
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

Upstream Bug:

https://dovecot.org/list/dovecot-news/2019-April/000409.html

Comment 1 Marian Rehak 2019-05-13 09:10:54 UTC
Created dovecot tracking bugs for this issue:

Affects: fedora-all [bug 1709245]

Comment 2 Bojan Smojver 2019-05-31 00:53:02 UTC
No builds for F30 to fix this. I asked several times in bug #1672622, but no action has been taken there.


Note You need to log in before you can comment on or make changes to this bug.