VDB

ALPINE-CVE-2020-7957

ALPINE-CVE-2020-7957 PUBLISHED CVSS 5.300000190734863 MEDIUM

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages.

Risk Scores

CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
Alpine:v3.23dovecot2.3.9.2-r0, 1.1.11-r0, 1.1.11-r1
Alpine:v3.15dovecot2.0.12-r2, 2.3.9.2-r0, 2.3.9-r0
Alpine:v3.14dovecot2.3.9-r0, 2.1.1-r0, 1.2.8-r0
Alpine:v3.9dovecot2.3.7.2-r1, 2.3.7.2-r0, 2.3.6-r0
Alpine:v3.10dovecot1.2.10-r0, 1.1.13-r0, 1.1.14-r0
Alpine:v3.19dovecot2.0.10-r0, 2.0.1-r0, 1.2.9-r0
Alpine:v3.16dovecot2.2.25-r1, 2.0.11-r1, 2.0.11-r0
Alpine:v3.17dovecot1.1.14-r0, 1.2.11-r0, 0
Alpine:v3.21dovecot2.2.4-r0, 2.0.9-r0, 2.0.9-r1
Alpine:v3.22dovecot1.2.8-r0, 1.2.7-r0, 1.2.6-r1
Alpine:v3.12dovecot1.2.10-r0, 0, 1.1.11-r0
Alpine:v3.8dovecot0, 1.1.11-r0, 1.1.11-r1
Alpine:v3.18dovecot1.2.7-r0, 1.2.6-r1, 1.2.6-r0
Alpine:v3.20dovecot2.3.6-r1, 2.2.5-r1, 2.3.9.2-r0
Alpine:v3.11dovecot2.2.2-r0, 2.2.19-r2, 1.1.11-r0
Alpine:v3.13dovecot0, 1.1.11-r0, 1.1.13-r0

Timeline

  • Feb 12, 2020 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›