As per upstream:
Vulnerability Details: Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it.
Risk: Malicious actor can cause denial of service to mail delivery by repeatedly sending mails with bad content.
Created attachment 1710593: CVE-2020-12100 patch from upstream
Mitigation: Upstream suggests that this flaw can be mitigated by limiting MIME structures in the MTA.
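One way to enforce such a structural limit before delivery, as an added example that is not taken from this bug, the upstream patch or the Dovecot project: a single-pass scanner that tracks open multipart boundaries and stops as soon as a limit is crossed, without building a part tree. The names `scan_mime` and `build_nested` and the limit values are assumptions, and only multipart nesting is tracked (embedded `message/rfc822` bodies are not descended into).

```python
from email.parser import BytesHeaderParser

class MimeLimitExceeded(Exception):
    """The message crossed a structural limit; the scan stopped there."""

def scan_mime(raw: bytes, max_depth: int = 10, max_parts: int = 1000):
    """Return (deepest multipart nesting, part count) or raise MimeLimitExceeded.
    The default limits are assumed values, not Dovecot's or any MTA's."""
    parse = BytesHeaderParser().parsebytes   # parses headers only, never bodies
    stack = []                  # delimiter lines of the containers currently open
    header, in_header = [], True
    deepest, parts = 0, 1       # the top-level message counts as part 1
    for line in raw.splitlines():
        text = line.rstrip()
        # Innermost boundary first: an outer delimiter also ends inner parts.
        hit = next((i for i in reversed(range(len(stack)))
                    if text in (stack[i], stack[i] + b"--")), None)
        if hit is not None:
            if text == stack[hit]:           # delimiter: a new sibling part starts
                del stack[hit + 1:]
                parts += 1
                if parts > max_parts:
                    raise MimeLimitExceeded(f"more than {max_parts} parts")
                header, in_header = [], True
            else:                            # close delimiter: container ends
                del stack[hit:]
                header, in_header = [], False
            continue
        if not in_header:
            continue                         # body content is never inspected
        if text:
            header.append(line)              # includes folded continuation lines
            continue
        msg = parse(b"\n".join(header))      # blank line: this part's headers end
        header, in_header = [], False
        boundary = msg.get_boundary()
        if msg.get_content_maintype() == "multipart" and boundary:
            stack.append(b"--" + boundary.encode("ascii", "replace"))
            deepest = max(deepest, len(stack))
            if deepest > max_depth:
                raise MimeLimitExceeded(f"nesting deeper than {max_depth}")
    return deepest, parts

def build_nested(depth: int) -> bytes:
    """Constructed sample: `depth` multipart containers, one inside the other."""
    lines = []
    for i in range(depth):
        lines += [f'Content-Type: multipart/mixed; boundary="b{i}"', "", f"--b{i}"]
    lines += ["Content-Type: text/plain", "", "hello"]
    lines += [f"--b{i}--" for i in reversed(range(depth))]
    return "\r\n".join(lines).encode()
```

A content filter or milter would call `scan_mime` on the raw message and reject or quarantine on `MimeLimitExceeded`, so the over-nested mail never reaches the delivery agent's parser.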
Acknowledgments: Name: the Dovecot project
External References: https://dovecot.org/pipermail/dovecot-news/2020-August/000441.html
Created dovecot tracking bugs for this issue: Affects: fedora-all [bug 1868539]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3617 https://access.redhat.com/errata/RHSA-2020:3617
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12100
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3713 https://access.redhat.com/errata/RHSA-2020:3713
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3735 https://access.redhat.com/errata/RHSA-2020:3735
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3736 https://access.redhat.com/errata/RHSA-2020:3736