vulnerability

FreeBSD: VID-74db0d02-b140-4c32-aac6-1f1e81e1ad30 (CVE-2020-7046): dovecot -- multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Feb 13, 2020	Feb 13, 2020	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Feb 13, 2020

Added

Feb 13, 2020

Modified

Dec 10, 2025

Description

Aki Tuomi reports: lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP (where it doesn't matter so much) and also for submission-login where unauthenticated users can trigger it. Aki also reports: Snippet generation crashes if: message is large enough that message-parser returns multiple body blocks The first block(s) don't contain the full snippet (e.g. full of whitespace) input ends with '>'

Solution

freebsd-upgrade-package-dovecot

References

CVE-2020-7046
https://attackerkb.com/topics/CVE-2020-7046
CWE-835

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today