Red Hat Bugzilla – Bug 966029
CVE-2013-2111 dovecot: DoS (daemon hang) when parsing invalid IMAP APPEND command parameters
Last modified: 2015-07-31 03:06:30 EDT
A denial of service flaw was found in the way IMAP command parser of Dovecot, IMAP and POP3 server, processed certain parameters of the IMAP APPEND command. A remote authenticated user could issue a specially-crafted IMAP APPEND command that, when processed would lead to dovecot daemon hang (infinite loop).
Relevant upstream patch:
This issue did NOT affect the versions of the dovecot package, as shipped with Red Hat Enterprise Linux 5 and 6.
This issue did NOT affect the versions of the dovecot package, as shipped with Fedora release of 17 and 18.
This issue did NOT affect the version of the dovecot package, as shipped with Fedora Rawhide (an update including the fix has been already created).
Not Vulnerable. This issue does not affect the version of dovecot as shipped with Red Hat Enterprise Linux 5 and 6.