Search CVE reports
1 – 10 of 62 results
CVE-2024-25584
Medium priorityDovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP....
1 affected package
dovecot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dovecot | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-23185
Medium prioritySome fixes available 4 of 7
Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building...
1 affected package
dovecot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dovecot | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2024-23184
Medium priorityHaving a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18...
1 affected package
dovecot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dovecot | Fixed | Fixed | Not affected | Not affected | Not affected |
CVE-2022-30550
Medium prioritySome fixes available 5 of 7
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can...
1 affected package
dovecot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dovecot | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
CVE-2021-33515
Medium priorityThe submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
1 affected package
dovecot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dovecot | — | Fixed | Fixed | Not affected | Not affected |
CVE-2021-29157
Medium priorityDovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of...
1 affected package
dovecot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dovecot | — | Fixed | Not affected | Not affected | Not affected |
CVE-2020-28200
Low priorityThe Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
1 affected package
dovecot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dovecot | Not affected | Not affected | Ignored | Ignored | Ignored |
CVE-2020-25275
Medium priorityDovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
1 affected package
dovecot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dovecot | — | — | Fixed | Fixed | Fixed |
CVE-2020-24386
Medium priorityAn issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
1 affected package
dovecot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dovecot | — | — | Fixed | Fixed | Not affected |
CVE-2020-12674
Medium priorityIn Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
1 affected package
dovecot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dovecot | — | — | Fixed | Fixed | Fixed |