VDB

ALPINE-CVE-2019-3814

ALPINE-CVE-2019-3814 PUBLISHED CVSS 6.800000190734863 MEDIUM

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

Risk Scores

CVSS v3.0
6.800000190734863
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.9dovecot2.0.17-r2, 1.1.11-r0, 1.1.11-r1
Alpine:v3.7dovecot2.1.5-r0, 0, 1.1.11-r0
Alpine:v3.18dovecot2.2.5-r1, 2.2.5-r1, 2.2.34-r3
Alpine:v3.21dovecot2.2.23-r0, 1.1.15-r0, 2.2.19-r1
Alpine:v3.13dovecot2.2.27-r2, 2.0.8-r0, 1.2.11-r5
Alpine:v3.15dovecot2.3.3-r0, 2.2.7-r0, 2.2.32-r0
Alpine:v3.10dovecot2.1.2-r0, 1.2.12-r2, 1.1.11-r0
Alpine:v3.22dovecot2.3.2.1-r4, 1.2.13-r1, 2.0.16-r0
Alpine:v3.16dovecot1.2.8-r0, 2.1.5-r0, 2.1.15-r0
Alpine:v3.14dovecot2.2.25-r1, 2.2.11-r0, 2.0.6-r0
Alpine:v3.12dovecot1.2.12-r2, 2.2.15-r1, 2.2.15-r2
Alpine:v3.8dovecot1.2.11-r5, 0, 1.1.11-r0
Alpine:v3.19dovecot2.2.5-r2, 1.1.11-r0, 1.1.11-r1
Alpine:v3.20dovecot2.1.7-r0, 2.1.4-r0, 2.2.4-r0
Alpine:v3.23dovecot2.3.3-r0, 0, 1.1.13-r0
Alpine:v3.17dovecot1.2.12-r2, 2.2.4-r0, 2.2.19-r2
Alpine:v3.6dovecot1.2.11-r0, 1.2.10-r0, 1.2.1-r0
Alpine:v3.11dovecot2.1.3-r0, 2.1.14-r0, 2.1.13-r0

Timeline

  • Mar 27, 2019 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›