In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
References
Configurations
History
07 Nov 2023, 03:07
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
02 Feb 2023, 02:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject
Fedoraproject fedora |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OZCJ3RBA4WIYGN7SOV4TW2AIHXPZATK/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PPB7PG5BM3MC5ZF2KHQ3UR7CZIO42BB/ - Mailing List, Third Party Advisory |
Information
Published : 2019-12-13 17:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-19722
Mitre link : CVE-2019-19722
CVE.ORG link : CVE-2019-19722
JSON object : View
Products Affected
fedoraproject
- fedora
dovecot
- dovecot
CWE
CWE-476
NULL Pointer Dereference