Submission-Login and LMTP Vulnerability: Truncated UTF-8 Data Loop

Submission-Login and LMTP Vulnerability: Truncated UTF-8 Data Loop

CVE-2020-7046 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.

Learn more about our Web Application Penetration Testing UK.