VDB
DEBIAN-CVE-2019-11500
DEBIAN-CVE-2019-11500
PUBLISHED
CVSS 9.800000190734863 CRITICAL
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Risk Scores
CVSS v3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | dovecot | 0, 0, 0 |
| Debian:11 | dovecot | 0, 0, 0 |
| Debian:14 | dovecot | 0, 0, 0 |
| Debian:12 | dovecot | 0, 0, 0 |
Timeline
- Aug 29, 2019 CVE Published
- Apr 28, 2026 CVE Updated