{"id":"OESA-2021-1042","summary":"dovecot security update","details":"\r\n\r\nSecurity Fix(es):\r\n\r\nDovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.(CVE-2020-25275)\r\n\r\nAn issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).(CVE-2020-24386)","modified":"2026-03-11T05:55:39.563618Z","published":"2021-03-05T11:02:37Z","upstream":["CVE-2020-24386","CVE-2020-25275"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1042"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25275"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24386"}],"affected":[{"package":{"name":"dovecot","ecosystem":"openEuler:20.03-LTS","purl":"pkg:rpm/openEuler/dovecot&distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.10.1-4.oe1"}]}],"ecosystem_specific":{"src":["dovecot-2.3.10.1-4.oe1.src.rpm","dovecot-2.3.10.1-4.oe1.src.rpm"],"x86_64":["dovecot-help-2.3.10.1-4.oe1.x86_64.rpm","dovecot-debuginfo-2.3.10.1-4.oe1.x86_64.rpm","dovecot-devel-2.3.10.1-4.oe1.x86_64.rpm","dovecot-2.3.10.1-4.oe1.x86_64.rpm","dovecot-debugsource-2.3.10.1-4.oe1.x86_64.rpm","dovecot-help-2.3.10.1-4.oe1.x86_64.rpm","dovecot-debuginfo-2.3.10.1-4.oe1.x86_64.rpm","dovecot-devel-2.3.10.1-4.oe1.x86_64.rpm","dovecot-2.3.10.1-4.oe1.x86_64.rpm","dovecot-debugsource-2.3.10.1-4.oe1.x86_64.rpm"],"aarch64":["dovecot-help-2.3.10.1-4.oe1.aarch64.rpm","dovecot-devel-2.3.10.1-4.oe1.aarch64.rpm","dovecot-2.3.10.1-4.oe1.aarch64.rpm","dovecot-debuginfo-2.3.10.1-4.oe1.aarch64.rpm","dovecot-debugsource-2.3.10.1-4.oe1.aarch64.rpm","dovecot-help-2.3.10.1-4.oe1.aarch64.rpm","dovecot-devel-2.3.10.1-4.oe1.aarch64.rpm","dovecot-2.3.10.1-4.oe1.aarch64.rpm","dovecot-debuginfo-2.3.10.1-4.oe1.aarch64.rpm","dovecot-debugsource-2.3.10.1-4.oe1.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2021-1042.json"}},{"package":{"name":"dovecot","ecosystem":"openEuler:20.03-LTS-SP1","purl":"pkg:rpm/openEuler/dovecot&distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.10.1-4.oe1"}]}],"ecosystem_specific":{"src":["dovecot-2.3.10.1-4.oe1.src.rpm"],"x86_64":["dovecot-help-2.3.10.1-4.oe1.x86_64.rpm","dovecot-debuginfo-2.3.10.1-4.oe1.x86_64.rpm","dovecot-devel-2.3.10.1-4.oe1.x86_64.rpm","dovecot-2.3.10.1-4.oe1.x86_64.rpm","dovecot-debugsource-2.3.10.1-4.oe1.x86_64.rpm"],"aarch64":["dovecot-help-2.3.10.1-4.oe1.aarch64.rpm","dovecot-devel-2.3.10.1-4.oe1.aarch64.rpm","dovecot-2.3.10.1-4.oe1.aarch64.rpm","dovecot-debuginfo-2.3.10.1-4.oe1.aarch64.rpm","dovecot-debugsource-2.3.10.1-4.oe1.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2021-1042.json"}}],"schema_version":"1.7.5"}