VDB

ALPINE-CVE-2020-25275

ALPINE-CVE-2020-25275 PUBLISHED CVSS 7.5 HIGH

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Alpine:v3.15dovecot2.3.9.3-r0, 2.3.9.2-r0, 2.3.9-r0
Alpine:v3.17dovecot2.2.3-r0, 2.3.9.2-r0, 2.3.9-r0
Alpine:v3.11dovecot2.3.9.3-r0, 2.3.9.2-r0, 2.3.9-r0
Alpine:v3.18dovecot1.1.11-r0, 2.3.9.2-r0, 2.3.9-r0
Alpine:v3.10dovecot1.1.11-r0, 1.1.11-r1, 1.1.13-r0
Alpine:v3.23dovecot2.3.9.3-r0, 1.2.11-r1, 1.1.11-r0
Alpine:v3.13dovecot2.3.9.3-r0, 2.3.9.2-r0, 2.3.9-r0
Alpine:v3.22dovecot0, 1.1.11-r0, 1.1.11-r1
Alpine:v3.14dovecot1.1.11-r0, 2.3.9.3-r0, 2.3.9.2-r0
Alpine:v3.20dovecot1.1.14-r0, 2.3.9.3-r0, 2.3.9.2-r0
Alpine:v3.19dovecot0, 2.3.9.3-r0, 2.3.9.2-r0
Alpine:v3.21dovecot2.3.9.3-r0, 0, 1.1.11-r0
Alpine:v3.16dovecot2.1.0-r0, 1.1.11-r1, 1.1.13-r0
Alpine:v3.12dovecot1.1.11-r0, 1.1.11-r1, 1.1.13-r0

Timeline

  • Jan 4, 2021 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›