[Dovecot-news] v2.2.36.3 released

Aki Tuomi aki.tuomi at open-xchange.com
Thu Mar 28 13:41:08 EET 2019


    * CVE-2019-7524: Missing input buffer size validation leads into
      arbitrary buffer overflow when reading fts or pop3 uidl header
      from Dovecot index. Exploiting this requires direct write access to
      the index files.

Aki Tuomi
Open-Xchange oy

More information about the Dovecot-news mailing list