ALPINE-CVE-2019-19722

ALPINE-CVE-2019-19722 PUBLISHED CVSS 5.300000190734863 MEDIUM

In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
Alpine:v3.21	dovecot	0, 1.1.11-r0, 1.1.13-r0
Alpine:v3.23	dovecot	2.3.9-r0, 1.1.14-r1, 1.1.16-r0
Alpine:v3.16	dovecot	0, 2.3.9-r0, 2.3.8-r0
Alpine:v3.18	dovecot	2.3.9-r0, 2.3.8-r0, 2.3.7.2-r0
Alpine:v3.15	dovecot	2.1.6-r0, 0, 1.1.11-r0
Alpine:v3.11	dovecot	1.1.11-r0, 1.1.11-r1, 1.1.13-r0
Alpine:v3.20	dovecot	2.2.27-r0, 2.0.11-r1, 1.1.11-r0
Alpine:v3.12	dovecot	2.3.9-r0, 2.3.8-r0, 2.3.7.2-r0
Alpine:v3.14	dovecot	1.2.11-r3, 1.1.11-r0, 1.1.11-r1
Alpine:v3.13	dovecot	2.3.9-r0, 2.3.8-r0, 2.3.7.2-r0
Alpine:v3.19	dovecot	2.0.12-r2, 1.1.11-r0, 1.1.11-r1
Alpine:v3.22	dovecot	1.1.11-r0, 1.1.11-r1, 1.1.13-r0
Alpine:v3.17	dovecot	0, 1.1.11-r0, 1.1.14-r0

Timeline

Dec 13, 2019 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2019-19722 advisory

Open in Interactive Console →