CVE-2019-11500: dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes

Severity: Critical

CVSS Score: 9.8

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.