Dovecot 2.3.10.1 Vulnerability: Remote Crash via Empty Localpart in Mail

Dovecot 2.3.10.1 Vulnerability: Remote Crash via Empty Localpart in Mail

CVE-2020-10967 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.

Learn more about our Web Application Penetration Testing UK.