CVE-2010-0745 - Vulnerability Details - OpenCVE

Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dovecot	Dovecot

Configuration 1 [-]

OR	cpe:2.3:a:dovecot:dovecot:1.2.0:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.1:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.2:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.3:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.4:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.5:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.6:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.7:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.8:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.9:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.10:::::::*

No data.

References

Link	Providers
http://dovecot.org/list/dovecot-news/2010-March/000152.html
http://dovecot.org/pipermail/dovecot/2010-February/047190.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://marc.info/?l=oss-security&m=127013715227551&w=2
http://security-tracker.debian.org/tracker/CVE-2010-0745
http://www.mandriva.com/security/advisories?name=MDVSA-2010:104
http://www.openwall.com/lists/oss-security/2010/03/10/6
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/1226
https://bugzilla.redhat.com/show_bug.cgi?id=572268
https://nvd.nist.gov/vuln/detail/CVE-2010-0745
https://www.cve.org/CVERecord?id=CVE-2010-0745

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-05-20T17:00:00

Updated: 2024-08-07T00:59:39.007Z

Reserved: 2010-02-26T00:00:00

Link: CVE-2010-0745

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-05-20T17:30:01.287

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-0745

Redhat

Severity : Low

Publid Date: 2010-03-08T00:00:00Z

Links: CVE-2010-0745 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-04-30T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://security-tracker.debian.org/tracker/CVE-2010-0745"}, {"name": "ADV-2010-1107", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"name": "[dovecot] 20100227 Possible CPU Denial-Of-Service attack to dovecot IMAP.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://dovecot.org/pipermail/dovecot/2010-February/047190.html"}, {"name": "SUSE-SR:2010:011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"name": "MDVSA-2010:104", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:104"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572268"}, {"name": "ADV-2010-1226", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1226"}, {"name": "[oss-security] 20100310 CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/03/10/6"}, {"name": "[dovecot-news] 20100308 v1.2.11 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://dovecot.org/list/dovecot-news/2010-March/000152.html"}, {"name": "[oss-security] 20100401 Re: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127013715227551&w=2"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:59:39.007Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://security-tracker.debian.org/tracker/CVE-2010-0745"}, {"name": "ADV-2010-1107", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"name": "[dovecot] 20100227 Possible CPU Denial-Of-Service attack to dovecot IMAP.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://dovecot.org/pipermail/dovecot/2010-February/047190.html"}, {"name": "SUSE-SR:2010:011", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"name": "MDVSA-2010:104", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:104"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572268"}, {"name": "ADV-2010-1226", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1226"}, {"name": "[oss-security] 20100310 CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/03/10/6"}, {"name": "[dovecot-news] 20100308 v1.2.11 released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://dovecot.org/list/dovecot-news/2010-March/000152.html"}, {"name": "[oss-security] 20100401 Re: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127013715227551&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0745", "datePublished": "2010-05-20T17:00:00", "dateReserved": "2010-02-26T00:00:00", "dateUpdated": "2024-08-07T00:59:39.007Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD2D1C99-0594-4378-AA6C-EC2E890E41FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "96F35305-79B4-49CD-A89F-A559CA9EEB33", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "EDC7E277-A5AE-4025-8412-E715D1C8C0F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DBE1D51-B9D5-4E59-81F6-C6937DA78637", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "30B37ACE-64EA-49E7-B836-C3F05CAE0392", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "1204F5C2-916D-4C27-A5C4-5B5E0AAA7322", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "A0C46C8A-EA49-4356-BA6B-8EC0F2E70B3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "96F54038-B17B-40C0-9C2E-20AF55E7602B", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "BBB0B72A-1C7D-4F89-BE89-CD82F667CB76", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "FEF89EB6-CBF5-48DF-8FDD-2C0AE0266B3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "41B2B3D8-EB69-4BD8-ACD5-CB6BFDE6B2FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Dovecot v1.2.x anterior a 1.2.11 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo CPU) a trav\u00e9s de una larga cabecera en un mensaje de e-mail"}], "id": "CVE-2010-0745", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-05-20T17:30:01.287", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://dovecot.org/list/dovecot-news/2010-March/000152.html"}, {"source": "secalert@redhat.com", "url": "http://dovecot.org/pipermail/dovecot/2010-February/047190.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=127013715227551&w=2"}, {"source": "secalert@redhat.com", "url": "http://security-tracker.debian.org/tracker/CVE-2010-0745"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:104"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/03/10/6"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1226"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572268"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://dovecot.org/list/dovecot-news/2010-March/000152.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dovecot.org/pipermail/dovecot/2010-February/047190.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127013715227551&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security-tracker.debian.org/tracker/CVE-2010-0745"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:104"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/03/10/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1226"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572268"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}