Base Score

HIGH7.5

CVE-2020-12673

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.

VectorNETWORK

Published Bycve@mitre.org

Published DateAug 12, 2020, 16:15

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html
https://dovecot.org/security
https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/
https://security.gentoo.org/glsa/202009-02
https://usn.ubuntu.com/4456-1/
https://usn.ubuntu.com/4456-2/
https://www.debian.org/security/2020/dsa-4745
https://www.openwall.com/lists/oss-security/2020/08/12/2

Base Score

HIGH7.5

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH