CVE-2019-19722
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-19722
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19722.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-19722
- Downstream
- Related
- Published
- 2019-12-13T17:15:13.333Z
- Modified
- 2025-11-14T09:31:39.017449Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OZCJ3RBA4WIYGN7SOV4TW2AIHXPZATK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PPB7PG5BM3MC5ZF2KHQ3UR7CZIO42BB/
- http://www.openwall.com/lists/oss-security/2019/12/13/3
- https://dovecot.org/list/dovecot-news/2019-December/000428.html
- https://dovecot.org/pipermail/dovecot-news/2019-December/000428.html
- https://dovecot.org/security.html
Affected packages
Git / github.com/dovecot/core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dovecot/core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.1.alpha1
1.1.alpha2
1.1.alpha4
1.1.alpha5
1.1.alpha6
1.1.beta1
1.1.beta10
1.1.beta11
1.1.beta12
1.1.beta13
1.1.beta14
1.1.beta16
1.1.beta2
1.1.beta3
1.1.beta4
1.1.beta5
1.1.beta6
1.1.beta8
1.1.beta9
1.1.rc1
1.1.rc2
1.1.rc3
1.1.rc4
1.1.rc5
1.1.rc6
1.1.rc7
1.1.rc8
1.2.alpha1
1.2.alpha2
1.2.alpha3
1.2.alpha4
1.2.alpha5
1.2.beta1
1.2.beta2
1.2.beta3
1.2.beta4
1.2.rc1
2.*
2.0.0
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.alpha1
2.0.alpha2
2.0.alpha3
2.0.beta1
2.0.beta2
2.0.beta3
2.0.beta4
2.0.beta5
2.0.beta6
2.0.rc1
2.0.rc2
2.0.rc3
2.0.rc4
2.0.rc5
2.0.rc6
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.alpha1
2.1.alpha2
2.1.beta1
2.1.rc1
2.1.rc2
2.1.rc3
2.1.rc4
2.1.rc5
2.1.rc6
2.1.rc7
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.13.rc1
2.2.14
2.2.14.rc1
2.2.15
2.2.16
2.2.16.rc1
2.2.17
2.2.17.rc1
2.2.17.rc2
2.2.18
2.2.19
2.2.19.rc1
2.2.19.rc2
2.2.2
2.2.20
2.2.20.rc1
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.alpha1
2.2.beta1
2.2.beta2
2.2.rc1
2.2.rc2
2.2.rc3
2.2.rc4
2.2.rc5
2.2.rc6
2.2.rc7
2.3.9
2.3.9.1