#VU27981 NULL pointer dereference in Dovecot - CVE-2020-10957


Vulnerability identifier: #VU27981

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-10957

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Dovecot
Server applications / Mail servers

Vendor: Dovecot

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing NOOP command. A remote attacker can send a specially crafted NOOP command to submission, submission-login or lmtp service, trigger a NULL pointer dereference and perform a denial of service attack.

PoC command:

``NOOP EE"FY``

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Dovecot: 2.3.0 - 2.3.10

External links
https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
https://seclists.org/oss-sec/2020/q2/122

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


openEuler 20.03 LTS update for dovecot
Red Hat Enterprise Linux 8 update for dovecot
OpenSUSE Linux update for dovecot23
Debian update for dovecot
Arch Linux update for dovecot
Fedora 30 update for dovecot
Fedora 31 update for dovecot
Fedora 32 update for dovecot
Ubuntu update for Dovecot
Multiple vulnerabilities in Dovecot IMAP server