Jens
Cadet

Dovecot vulnerabilities

Just came across this early this morning... and since I'm running our family mail server, I need to fix it ASAP!

There are currently 2 nasty vulnerabilities known for the IMAP server Dovecot, making it vulnerable to DoS attacks:

1. Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message

Risk Level: HIGH

see here: https://www.openwall.com/lists/oss-security/2024/08/15/4

2. Dovecot CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive

Risk Level: Medium

see here: https://www.openwall.com/lists/oss-security/2024/08/15/3

Looks like both can be fixed by upgrading to version 2.3.21.1 or later.

 
