CVE-2019-11500 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Dovecot	Dovecot Pigeonhole
Fedoraproject	Fedora
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
dovecot-1:2.0.9-22.el6_10.1	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:2885	2019-09-23T00:00:00Z
Red Hat Enterprise Linux 7
dovecot-1:2.2.36-3.el7_7.1	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:2836	2019-09-20T00:00:00Z
Red Hat Enterprise Linux 8
dovecot-1:2.2.36-5.el8_0.1	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:2822	2019-09-20T00:00:00Z

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html
http://www.openwall.com/lists/oss-security/2019/08/28/3
https://access.redhat.com/errata/RHSA-2019:2822
https://access.redhat.com/errata/RHSA-2019:2836
https://access.redhat.com/errata/RHSA-2019:2885
https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html
https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/
https://nvd.nist.gov/vuln/detail/CVE-2019-11500
https://security.gentoo.org/glsa/201908-29
https://www.cve.org/CVERecord?id=CVE-2019-11500
https://www.dovecot.org/security.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-07T20:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dovecot.org/security.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openwall.com/lists/oss-security/2019/08/28/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html"}, {"name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html"}, {"name": "FEDORA-2019-3844281be1", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/"}, {"name": "GLSA-201908-29", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-29"}, {"name": "FEDORA-2019-59d60bd1fa", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/"}, {"name": "FEDORA-2019-ea638fb605", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/"}, {"name": "RHSA-2019:2822", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2822"}, {"name": "RHSA-2019:2836", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2836"}, {"name": "RHSA-2019:2885", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2885"}, {"name": "openSUSE-SU-2019:2281", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html"}, {"name": "openSUSE-SU-2019:2278", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11500", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.dovecot.org/security.html", "refsource": "MISC", "url": "https://www.dovecot.org/security.html"}, {"name": "http://www.openwall.com/lists/oss-security/2019/08/28/3", "refsource": "CONFIRM", "url": "http://www.openwall.com/lists/oss-security/2019/08/28/3"}, {"name": "https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html", "refsource": "CONFIRM", "url": "https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html"}, {"name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html"}, {"name": "FEDORA-2019-3844281be1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/"}, {"name": "GLSA-201908-29", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-29"}, {"name": "FEDORA-2019-59d60bd1fa", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/"}, {"name": "FEDORA-2019-ea638fb605", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/"}, {"name": "RHSA-2019:2822", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2822"}, {"name": "RHSA-2019:2836", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2836"}, {"name": "RHSA-2019:2885", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2885"}, {"name": "openSUSE-SU-2019:2281", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html"}, {"name": "openSUSE-SU-2019:2278", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:55:40.604Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dovecot.org/security.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/08/28/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html"}, {"name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html"}, {"name": "FEDORA-2019-3844281be1", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/"}, {"name": "GLSA-201908-29", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201908-29"}, {"name": "FEDORA-2019-59d60bd1fa", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/"}, {"name": "FEDORA-2019-ea638fb605", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/"}, {"name": "RHSA-2019:2822", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2822"}, {"name": "RHSA-2019:2836", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2836"}, {"name": "RHSA-2019:2885", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2885"}, {"name": "openSUSE-SU-2019:2281", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html"}, {"name": "openSUSE-SU-2019:2278", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11500", "datePublished": "2019-08-29T13:51:46", "dateReserved": "2019-04-24T00:00:00", "dateUpdated": "2024-08-04T22:55:40.604Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-10-07T20:06:11 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.dovecot.org/security.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.openwall.com/lists/oss-security/2019/08/28/3 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html (string)

}

3 : { »

name : [debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html (string)

}

4 : { »

name : FEDORA-2019-3844281be1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/ (string)

}

5 : { »

name : GLSA-201908-29 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201908-29 (string)

}

6 : { »

name : FEDORA-2019-59d60bd1fa (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/ (string)

}

7 : { »

name : FEDORA-2019-ea638fb605 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/ (string)

}

8 : { »

name : RHSA-2019:2822 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2019:2822 (string)

}

9 : { »

name : RHSA-2019:2836 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2019:2836 (string)

}

10 : { »

name : RHSA-2019:2885 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2019:2885 (string)

}

11 : { »

name : openSUSE-SU-2019:2281 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html (string)

}

12 : { »

name : openSUSE-SU-2019:2278 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2019-11500 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.dovecot.org/security.html (string)

refsource : MISC (string)

url : https://www.dovecot.org/security.html (string)

}

1 : { »

name : http://www.openwall.com/lists/oss-security/2019/08/28/3 (string)

refsource : CONFIRM (string)

url : http://www.openwall.com/lists/oss-security/2019/08/28/3 (string)

}

2 : { »

name : https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html (string)

refsource : CONFIRM (string)

url : https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html (string)

}

3 : { »

name : [debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update (string)

refsource : MLIST (string)

url : https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html (string)

}

4 : { »

name : FEDORA-2019-3844281be1 (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/ (string)

}

5 : { »

name : GLSA-201908-29 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201908-29 (string)

}

6 : { »

name : FEDORA-2019-59d60bd1fa (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/ (string)

}

7 : { »

name : FEDORA-2019-ea638fb605 (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/ (string)

}

8 : { »

name : RHSA-2019:2822 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2019:2822 (string)

}

9 : { »

name : RHSA-2019:2836 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2019:2836 (string)

}

10 : { »

name : RHSA-2019:2885 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2019:2885 (string)

}

11 : { »

name : openSUSE-SU-2019:2281 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html (string)

}

12 : { »

name : openSUSE-SU-2019:2278 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T22:55:40.604Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.dovecot.org/security.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2019/08/28/3 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html (string)

}

3 : { »

name : [debian-lts-announce] 20190829 [SECURITY] [DLA 1901-1] dovecot security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html (string)

}

4 : { »

name : FEDORA-2019-3844281be1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/ (string)

}

5 : { »

name : GLSA-201908-29 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201908-29 (string)

}

6 : { »

name : FEDORA-2019-59d60bd1fa (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/ (string)

}

7 : { »

name : FEDORA-2019-ea638fb605 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/ (string)

}

8 : { »

name : RHSA-2019:2822 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2019:2822 (string)

}

9 : { »

name : RHSA-2019:2836 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2019:2836 (string)

}

10 : { »

name : RHSA-2019:2885 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2019:2885 (string)

}

11 : { »

name : openSUSE-SU-2019:2281 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html (string)

}

12 : { »

name : openSUSE-SU-2019:2278 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2019-11500 (string)

datePublished : 2019-08-29T13:51:46 (string)

dateReserved : 2019-04-24T00:00:00 (string)

dateUpdated : 2024-08-04T22:55:40.604Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D5E505-A17F-45AE-8E1D-DA0F8E5AB532", "versionEndExcluding": "2.2.36.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EDA13EB-417C-4DA7-A7F8-719D3B13F8F8", "versionEndExcluding": "2.3.7.2", "versionStartIncluding": "2.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:pigeonhole:*:*:*:*:*:*:*:*", "matchCriteriaId": "62A7D824-F6F2-4988-9FBA-3859B376AEB8", "versionEndExcluding": "0.5.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution."}, {"lang": "es", "value": "En Dovecot versiones anteriores a 2.2.36.4 y versiones 2.3.x  anteriores a 2.3.7.2 (y Pigeonhole versiones anteriores a 0.5.7.2), el procesamiento del protocolo puede fallar para cadenas entre comillas. Esto ocurre porque los caracteres '\\0' se manejan inapropiadamente y pueden generar escrituras fuera de l\u00edmites y ejecuci\u00f3n de c\u00f3digo remota."}], "id": "CVE-2019-11500", "lastModified": "2024-11-21T04:21:12.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-29T14:15:11.037", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/08/28/3"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2822"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2836"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2885"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201908-29"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.dovecot.org/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/08/28/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2822"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2836"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201908-29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dovecot.org/security.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 88D5E505-A17F-45AE-8E1D-DA0F8E5AB532 (string)

versionEndExcluding : 2.2.36.4 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8EDA13EB-417C-4DA7-A7F8-719D3B13F8F8 (string)

versionEndExcluding : 2.3.7.2 (string)

versionStartIncluding : 2.3.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:dovecot:pigeonhole:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 62A7D824-F6F2-4988-9FBA-3859B376AEB8 (string)

versionEndExcluding : 0.5.7.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* (string)

matchCriteriaId : 97A4B8DF-58DA-4AB6-A1F9-331B36409BA3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. (string)

}

1 : { »

lang : es (string)

value : En Dovecot versiones anteriores a 2.2.36.4 y versiones 2.3.x anteriores a 2.3.7.2 (y Pigeonhole versiones anteriores a 0.5.7.2), el procesamiento del protocolo puede fallar para cadenas entre comillas. Esto ocurre porque los caracteres '\0' se manejan inapropiadamente y pueden generar escrituras fuera de límites y ejecución de código remota. (string)

}

]

id : CVE-2019-11500 (string)

lastModified : 2024-11-21T04:21:12.797 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-08-29T14:15:11.037 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Mailing List (string)

2 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2019/08/28/3 (string)

}

3 : { »

source : cve@mitre.org (string)

url : https://access.redhat.com/errata/RHSA-2019:2822 (string)

}

4 : { »

source : cve@mitre.org (string)

url : https://access.redhat.com/errata/RHSA-2019:2836 (string)

}

5 : { »

source : cve@mitre.org (string)

url : https://access.redhat.com/errata/RHSA-2019:2885 (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html (string)

}

8 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/ (string)

}

9 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/ (string)

}

10 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/ (string)

}

11 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201908-29 (string)

}

12 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.dovecot.org/security.html (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Mailing List (string)

2 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2019/08/28/3 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2019:2822 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2019:2836 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2019:2885 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/ (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/ (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/ (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201908-29 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.dovecot.org/security.html (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank the Dovecot project for reporting this issue. Upstream acknowledges Nick Roessler (University of Pennsylvania) and Rafi Rubin (University of Pennsylvania) as the original reporters.", "affected_release": [{"advisory": "RHSA-2019:2885", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "dovecot-1:2.0.9-22.el6_10.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-09-23T00:00:00Z"}, {"advisory": "RHSA-2019:2836", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "dovecot-1:2.2.36-3.el7_7.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2822", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dovecot-1:2.2.36-5.el8_0.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-09-20T00:00:00Z"}], "bugzilla": {"description": "dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes", "id": "1741141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741141"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.", "A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2019-11500", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "dovecot", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2019-08-28T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-11500\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11500\nhttps://dovecot.org/pipermail/dovecot-news/2019-August/000418.html"], "threat_severity": "Important"}

{

acknowledgement : Red Hat would like to thank the Dovecot project for reporting this issue. Upstream acknowledges Nick Roessler (University of Pennsylvania) and Rafi Rubin (University of Pennsylvania) as the original reporters. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2019:2885 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : dovecot-1:2.0.9-22.el6_10.1 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2019-09-23T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2019:2836 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : dovecot-1:2.2.36-3.el7_7.1 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2019-09-20T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2019:2822 (string)

cpe : cpe:/a:redhat:enterprise_linux:8 (string)

package : dovecot-1:2.2.36-5.el8_0.1 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2019-09-20T00:00:00Z (string)

}

]

bugzilla : { »

description : dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (string)

id : 1741141 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1741141 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 8.1 (string)

cvss3_scoring_vector : CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

status : verified (string)

}

cwe : CWE-20 (string)

details : [ »

0 : In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. (string)

1 : A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (string)

]

name : CVE-2019-11500 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Out of support scope (string)

package_name : dovecot (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

]

public_date : 2019-08-28T12:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2019-11500 https://nvd.nist.gov/vuln/detail/CVE-2019-11500 https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html (string)

]

threat_severity : Important (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object