CVE-2008-4907

Publication date 4 November 2008

Last updated 24 July 2024

Ubuntu priority

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dovecot	8.10 intrepid	Fixed 1:1.1.4-0ubuntu1.2
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-666-1
Dovecot vulnerability
7 November 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-4907