VDB

CVE-2019-19722

CVE-2019-19722 REJECTED

In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.

EPSS 1.67% · 82.5th percentile

Risk Scores

EPSS Score
1.67%
82.5th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSdovecot0, 1:2.2.18-2ubuntu2, 1:2.2.22-1ubuntu1
Ubuntu:18.04:LTSdovecot0, 1:2.2.33.2-1ubuntu1, 1:2.2.33.2-1ubuntu2

Timeline

  • Dec 12, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›