VDB

ALPINE-CVE-2020-12100

ALPINE-CVE-2020-12100 PUBLISHED CVSS 7.5 HIGH

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Alpine:v3.18dovecot2.3.9.3-r0, 2.3.9.2-r0, 2.3.9-r0
Alpine:v3.14dovecot0, 2.3.9.3-r0, 2.3.9.2-r0
Alpine:v3.17dovecot0, 2.3.9.3-r0, 2.3.9.2-r0
Alpine:v3.15dovecot2.3.9.3-r0, 2.3.9.2-r0, 2.3.9-r0
Alpine:v3.13dovecot2.1.7-r0, 2.3.9.3-r0, 2.3.9.2-r0
Alpine:v3.20dovecot1.1.11-r0, 2.3.9.3-r0, 2.3.9.2-r0
Alpine:v3.22dovecot1.2.13-r1, 1.1.11-r0, 1.1.11-r1
Alpine:v3.12dovecot0, 1.1.11-r0, 1.1.11-r1
Alpine:v3.19dovecot2.3.9.3-r0, 2.3.9.2-r0, 2.3.9-r0
Alpine:v3.16dovecot0, 1.1.13-r0, 1.1.14-r0
Alpine:v3.21dovecot2.2.26.0-r0, 2.3.9.2-r0, 2.3.9-r0
Alpine:v3.23dovecot1.1.11-r0, 1.1.11-r1, 1.1.13-r0

Timeline

  • Aug 12, 2020 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›