CVE-2019-19722 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-19722 REJECTED

In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.

EPSS 1.39% · 80.2th percentile

Risk Scores

EPSS Score

1.39%

80.2th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	dovecot	0, 1:2.2.18-2ubuntu2, 1:2.2.22-1ubuntu1
Ubuntu:18.04:LTS	dovecot	0, 1:2.2.27-3ubuntu1, 1:2.2.33.2-1ubuntu1

Timeline

Dec 12, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2019-19722 third-party-advisory
https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432 third-party-advisory
https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b third-party-advisory
https://github.com/dovecot/core/commit/82c948db496cdc2d25b40eb8613c1eaa5c622384 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2019-19722 third-party-advisory

Open in Interactive Console →