What is CVE-2020-7046?

CVE-2020-7046 is a high-severity vulnerability in N/a. CVSS score: 7.5/10. Published 2020-02-12.

How severe is CVE-2020-7046?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in N/a

CVE-2020-7046

lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.

EPSS: 0.504 (98.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N.

Affected products

N/a — versions n/a

References

dovecot.org/security (x_refsource_MISC)
www.openwall.com/lists/oss-security/2020/02/12/1 (x_refsource_CONFIRM)
dovecot.org/pipermail/dovecot-news/2020-February/000431.html (x_refsource_CONFIRM)
FEDORA-2020-10a58fda28 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-0e6a67af5a (vendor-advisory, x_refsource_FEDORA)

Frequently asked questions

What is CVE-2020-7046?: CVE-2020-7046 is a high-severity vulnerability in N/a. CVSS score: 7.5/10. Published 2020-02-12.
How severe is CVE-2020-7046?: High severity. CVSS v3 base score is 7.5 out of 10.