CVE-2019-7524

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-7524

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7524.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-7524

Downstream

ALPINE-CVE-2019-7524

DEBIAN-CVE-2019-7524

DLA-1736-1

DSA-4418-1

RHSA-2020:1062

SUSE-SU-2019:0876-1

SUSE-SU-2019:0900-1

UBUNTU-CVE-2019-7524

USN-3928-1

openSUSE-SU-2019:1212-1

openSUSE-SU-2024:10726-1

openSUSE-SU-2025:14715-1

Related

Published

2019-03-28T14:29:00Z

Modified

2025-10-15T11:07:50.415847Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.

References

Affected packages

Git / github.com/dovecot/core

Affected ranges

Type: GIT
Repo: https://github.com/dovecot/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a7d78f5a20888b4be87ffbb27287785f2fa1bae2

Affected versions

1.*

1.1.alpha1

1.1.alpha2

1.1.alpha4

1.1.alpha5

1.1.alpha6

1.1.beta1

1.1.beta10

1.1.beta11

1.1.beta12

1.1.beta13

1.1.beta14

1.1.beta16

1.1.beta2

1.1.beta3

1.1.beta4

1.1.beta5

1.1.beta6

1.1.beta8

1.1.beta9

1.1.rc1

1.1.rc2

1.1.rc3

1.1.rc4

1.1.rc5

1.1.rc6

1.1.rc7

1.1.rc8

1.2.alpha1

1.2.alpha2

1.2.alpha3

1.2.alpha4

1.2.alpha5

1.2.beta1

1.2.beta2

1.2.beta3

1.2.beta4

1.2.rc1

2.*

2.0.0

2.0.1

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.alpha1

2.0.alpha2

2.0.alpha3

2.0.beta1

2.0.beta2

2.0.beta3

2.0.beta4

2.0.beta5

2.0.beta6

2.0.rc1

2.0.rc2

2.0.rc3

2.0.rc4

2.0.rc5

2.0.rc6

2.1.0

2.1.1

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.alpha1

2.1.alpha2

2.1.beta1

2.1.rc1

2.1.rc2

2.1.rc3

2.1.rc4

2.1.rc5

2.1.rc6

2.1.rc7

2.2.0

2.2.1

2.2.10

2.2.11

2.2.12

2.2.13

2.2.13.rc1

2.2.14

2.2.14.rc1

2.2.15

2.2.16

2.2.16.rc1

2.2.17

2.2.17.rc1

2.2.17.rc2

2.2.18

2.2.19

2.2.19.rc1

2.2.19.rc2

2.2.2

2.2.20

2.2.20.rc1

2.2.3

2.2.36

2.2.36.1

2.2.36.rc1

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.alpha1

2.2.beta1

2.2.beta2

2.2.rc1

2.2.rc2

2.2.rc3

2.2.rc4

2.2.rc5

2.2.rc6

2.2.rc7