What is CVE-2019-11500?

CVE-2019-11500 is a vulnerability in N/a. Published 2019-08-29.

Is CVE-2019-11500 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code…

EPSS: 0.623 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

www.dovecot.org/security.html (x_refsource_MISC)
www.openwall.com/lists/oss-security/2019/08/28/3 (x_refsource_CONFIRM)
dovecot.org/pipermail/dovecot-news/2019-August/000417.html (x_refsource_CONFIRM)
[debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update (mailing-list, x_refsource_MLIST)
FEDORA-2019-3844281be1 (vendor-advisory, x_refsource_FEDORA)
GLSA-201908-29 (vendor-advisory, x_refsource_GENTOO)
FEDORA-2019-59d60bd1fa (vendor-advisory, x_refsource_FEDORA)
FEDORA-2019-ea638fb605 (vendor-advisory, x_refsource_FEDORA)
RHSA-2019:2822 (vendor-advisory, x_refsource_REDHAT)
RHSA-2019:2836 (vendor-advisory, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2019-11500?: CVE-2019-11500 is a vulnerability in N/a. Published 2019-08-29.
Is CVE-2019-11500 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.