This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
In Dovecot before 22.214.171.124, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
CVSS 3.x Severity and Metrics:
CVSS 2.0 Severity and Metrics: