{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-07T20:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dovecot.org/security.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openwall.com/lists/oss-security/2019/08/28/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html"}, {"name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html"}, {"name": "FEDORA-2019-3844281be1", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/"}, {"name": "GLSA-201908-29", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-29"}, {"name": "FEDORA-2019-59d60bd1fa", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/"}, {"name": "FEDORA-2019-ea638fb605", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/"}, {"name": "RHSA-2019:2822", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2822"}, {"name": "RHSA-2019:2836", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2836"}, {"name": "RHSA-2019:2885", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2885"}, {"name": "openSUSE-SU-2019:2281", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html"}, {"name": "openSUSE-SU-2019:2278", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11500", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.dovecot.org/security.html", "refsource": "MISC", "url": "https://www.dovecot.org/security.html"}, {"name": "http://www.openwall.com/lists/oss-security/2019/08/28/3", "refsource": "CONFIRM", "url": "http://www.openwall.com/lists/oss-security/2019/08/28/3"}, {"name": "https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html", "refsource": "CONFIRM", "url": "https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html"}, {"name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html"}, {"name": "FEDORA-2019-3844281be1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/"}, {"name": "GLSA-201908-29", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-29"}, {"name": "FEDORA-2019-59d60bd1fa", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/"}, {"name": "FEDORA-2019-ea638fb605", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/"}, {"name": "RHSA-2019:2822", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2822"}, {"name": "RHSA-2019:2836", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2836"}, {"name": "RHSA-2019:2885", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2885"}, {"name": "openSUSE-SU-2019:2281", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html"}, {"name": "openSUSE-SU-2019:2278", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:55:40.604Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dovecot.org/security.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/08/28/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html"}, {"name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html"}, {"name": "FEDORA-2019-3844281be1", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/"}, {"name": "GLSA-201908-29", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201908-29"}, {"name": "FEDORA-2019-59d60bd1fa", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/"}, {"name": "FEDORA-2019-ea638fb605", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/"}, {"name": "RHSA-2019:2822", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2822"}, {"name": "RHSA-2019:2836", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2836"}, {"name": "RHSA-2019:2885", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2885"}, {"name": "openSUSE-SU-2019:2281", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html"}, {"name": "openSUSE-SU-2019:2278", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11500", "datePublished": "2019-08-29T13:51:46", "dateReserved": "2019-04-24T00:00:00", "dateUpdated": "2024-08-04T22:55:40.604Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D5E505-A17F-45AE-8E1D-DA0F8E5AB532", "versionEndExcluding": "2.2.36.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EDA13EB-417C-4DA7-A7F8-719D3B13F8F8", "versionEndExcluding": "2.3.7.2", "versionStartIncluding": "2.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:pigeonhole:*:*:*:*:*:*:*:*", "matchCriteriaId": "62A7D824-F6F2-4988-9FBA-3859B376AEB8", "versionEndExcluding": "0.5.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution."}, {"lang": "es", "value": "En Dovecot versiones anteriores a 2.2.36.4 y versiones 2.3.x anteriores a 2.3.7.2 (y Pigeonhole versiones anteriores a 0.5.7.2), el procesamiento del protocolo puede fallar para cadenas entre comillas. Esto ocurre porque los caracteres '\\0' se manejan inapropiadamente y pueden generar escrituras fuera de l\u00edmites y ejecuci\u00f3n de c\u00f3digo remota."}], "id": "CVE-2019-11500", "lastModified": "2023-11-07T03:03:02.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-29T14:15:11.037", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/08/28/3"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2822"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2836"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2885"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201908-29"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.dovecot.org/security.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Dovecot project for reporting this issue. Upstream acknowledges Nick Roessler (University of Pennsylvania) and Rafi Rubin (University of Pennsylvania) as the original reporters.", "affected_release": [{"advisory": "RHSA-2019:2885", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "dovecot-1:2.0.9-22.el6_10.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-09-23T00:00:00Z"}, {"advisory": "RHSA-2019:2836", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "dovecot-1:2.2.36-3.el7_7.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2822", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dovecot-1:2.2.36-5.el8_0.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-09-20T00:00:00Z"}], "bugzilla": {"description": "dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes", "id": "1741141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741141"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.", "A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2019-11500", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "dovecot", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2019-08-28T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-11500\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11500\nhttps://dovecot.org/pipermail/dovecot-news/2019-August/000418.html"], "threat_severity": "Important", "upstream_fix": "dovecot 2.3.7.2, dovecot 2.2.36.4"}