Remote Code Execution Vulnerability in Dovecot and Pigeonhole Protocol Processing
CVE-2019-11500 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Learn more about our Web Application Penetration Testing UK.