FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dovecot -- json encoder crash

Affected packages
2.3.0 <= dovecot <
2.3.0 <= dovecot2 <


VuXML ID a64aa22f-61ec-11e9-85b9-a4badb296695
Discovery 2019-04-09
Entry 2019-04-18
Modified 2019-05-26

Aki Tuomi reports:

* CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject header when OX push notification driver is used.


CVE Name CVE-2019-10691