公告ID: KYLIN-2020-12674
安全等级: 重要
产品: Kylin V3
发布日期: 2020年8月12日
CVE: CVE-2020-12674
CVSS3评分: 7.5
概述:
None 描述:
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. A flaw was found in dovecot. An attacker can use the way dovecot handles RPA (Remote Passphrase Authentication) to crash the authentication process repeatedly preventing login. The highest threat from this vulnerability is to system availability. 系统版本:
KYLIN 3.0.x
KYLIN 3.2.x
KYLIN 3.3.x
KYLIN 3.4.x
受影响包列表:
dovecot
dovecot
dovecot
dovecot