Vulnerability CVE-2020-12100

Vulnerability Name:

CVE-2020-12100 (CCN-186666)

Assigned:

2020-08-12

Published:

2020-08-12

Updated:

2022-10-29

Summary:

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-674

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-12100

Source: FULLDISC
Type: Mailing List, Third Party Advisory
20210106 CVE-2020-24386: IMAP hibernation allows accessing other peoples mail

Source: MLIST
Type: Exploit, Mailing List, Third Party Advisory
[oss-security] 20200812 CVE-2020-12100: Dovecot IMAP server: Receiving mail with deeply nested MIME parts leads to resource exhaustion

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20210104 CVE-2020-25275: Dovecot: MIME parsing crash

Source: MISC
Type: Vendor Advisory
https://dovecot.org/security

Source: XF
Type: UNKNOWN
dovecot-cve202012100-dos(186666)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20200815 [SECURITY] [DLA 2328-1] dovecot security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-cd8b8f887b

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-d737c57172

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-b8ebc4201e

Source: CCN
Type: oss-sec Mailing List, Wed, 12 Aug 2020 16:07:36 +0300
CVE-2020-12100: Dovecot IMAP server: Receiving mail with deeply nested MIME parts leads to resource exhaustion

Source: GENTOO
Type: Third Party Advisory
GLSA-202009-02

Source: UBUNTU
Type: Third Party Advisory
USN-4456-1

Source: UBUNTU
Type: Third Party Advisory
USN-4456-2

Source: DEBIAN
Type: Third Party Advisory
DSA-4745

Source: CCN
Type: Dovecot Web site
Dovecot IMAP server

Vulnerable Configuration:

Configuration 1:

cpe:/a:dovecot:dovecot:*:*:*:*:*:*:*:* (Version < 2.3.11.3)

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

OR cpe:/o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7908	P	libIlmImf-2_2-23-2.2.1-3.41.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7982	P	wavpack-5.4.0-150000.4.15.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3473	P	dnsmasq-2.78-18.9.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95103	P	dovecot23-2.3.15-58.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:112172	P	dovecot23-2.3.16-1.6 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105704	P	dovecot23-2.3.16-1.6 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:2235	P	dovecot23-2.3.11.3-17.5.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63324	P	dovecot23-2.3.11.3-17.5.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:110668	P	Security update for dovecot23 (Important)	2021-01-16
oval:org.opensuse.security:def:111210	P	Security update for dovecot23 (Important)	2021-01-07
oval:org.opensuse.security:def:70286	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:8646	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:102753	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:68997	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:97170	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:91791	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:9392	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:69071	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:96063	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:10146	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:105431	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:97166	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:69532	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:98741	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:109419	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:97168	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:118515	P	Security update for dovecot23 (Important)	2021-01-05
oval:com.redhat.rhsa:def:20203713	P	RHSA-2020:3713: dovecot security update (Important)	2020-09-10
oval:com.redhat.rhsa:def:20203617	P	RHSA-2020:3617: dovecot security update (Important)	2020-09-03

BACK