Dovecot.and.Pigeonhole.Memory.Corruption
Description
This indicates an attack attempt to exploit a Memory Corruption Vulnerability in Dovecot Pigeonhole.
A remote attacker could exploit this vulnerability by sending a crafted IMAP command. Successful exploitation will permit the attacker to execute arbitrary code with the privileges of the Dovecot imap-login service.
Affected Products
Dovecot Dovecot prior to 2.2.36.4
Dovecot Dovecot prior to 2.3.7.2
Dovecot Pigeonhole prior to 0.5.7.2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |