A vulnerability was found in dovecot 2.3.0 before 2.3.10 where, by sending command followed by sufficient number of newlines triggers a use-after-free bug that might crash submission-login, submission or lmtp service.
Acknowledgments: Name: Philippe Antoine (Catena Cyber)
Created dovecot tracking bugs for this issue: Affects: fedora-all [bug 1836935]
External References: https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10958
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4763 https://access.redhat.com/errata/RHSA-2020:4763