Remote Code Execution Vulnerability in Dovecot and Pigeonhole Protocol Processing

CVE-2019-11500 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.