Search CVE reports


Toggle filters

1 – 10 of 62 results


CVE-2024-25584

Medium priority
Not affected

Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP....

1 affected packages

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dovecot Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-23185

Medium priority

Some fixes available 4 of 7

Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building...

1 affected packages

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dovecot Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2024-23184

Medium priority
Fixed

Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18...

1 affected packages

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dovecot Fixed Fixed Not affected Not affected Not affected
Show less packages

CVE-2022-30550

Medium priority

Some fixes available 5 of 7

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can...

1 affected packages

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dovecot Not affected Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2021-33515

Medium priority
Fixed

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

1 affected packages

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dovecot Fixed Fixed Not affected Not affected
Show less packages

CVE-2021-29157

Medium priority
Fixed

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of...

1 affected packages

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dovecot Fixed Not affected Not affected Not affected
Show less packages

CVE-2020-28200

Low priority
Ignored

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.

1 affected packages

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dovecot Not affected Not affected Ignored Ignored Ignored
Show less packages

CVE-2020-25275

Medium priority
Fixed

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

1 affected packages

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dovecot Fixed Fixed Fixed
Show less packages

CVE-2020-24386

Medium priority
Fixed

An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).

1 affected packages

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dovecot Fixed Fixed Not affected
Show less packages

CVE-2020-12674

Medium priority
Fixed

In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.

1 affected packages

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dovecot Fixed Fixed Fixed
Show less packages