CVE-2011-1929
dovecot - programming error
EPSS 4.3%
Description
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
How to fix CVE-2011-1929
To remediate CVE-2011-1929, upgrade the affected package to one of the fixed versions listed below.
- Debian/dovecot—upgrade to 1:2.0.13-1 or later
- Debian/dovecot—upgrade to 1:1.2.15-7 or later
Is CVE-2011-1929 being exploited?
Low — EPSS is 4.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/dovecot: from 0, < 1:2.0.13-1
- Debian/dovecot: from 0, < 1:1.2.15-7