Dovecot Security: CVE-2024-23185 “high” and CVE-2024-23184 “medium”
-
https://www.openwall.com/lists/oss-security/2024/08/15/4
https://www.openwall.com/lists/oss-security/2024/08/15/3
Attackers can exploit two vulnerabilities in the Dovecot IMAP server and take systems out of service using DoS attacks. A protected version is available for download.
Email server not accessible: Attackers can trigger the attacks via prepared emails. Very large headers generate errors during email parsing, so that a lot of memory is used and servers fall into a DoS state (CVE-2024-23185 “high”).
The second vulnerability (CVE-2024-23184 “medium”) can be triggered via a large number of address headers (To, Cc, ...). This also leads to a DoS state. According to the developers, version strings 2.2 and 2.3 are threatened by both vulnerabilities. Issue 2.3.21.1 provides a remedy. So far there is no information on ongoing attacks.
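A triage sketch for the two conditions described in the post above (very large headers, many address headers), added here as an example; it is not part of the original thread and not Dovecot's code. The thresholds, function names and sample messages are assumptions constructed for illustration and are not Dovecot limits.

```python
import io

# Assumed triage thresholds (not limits taken from Dovecot).
MAX_HEADER_BYTES = 64 * 1024   # largest single header field, folding included
MAX_ADDRESS_HEADERS = 50       # number of address header fields in one message
ADDRESS_FIELDS = {b"from", b"sender", b"reply-to", b"to", b"cc", b"bcc"}

def header_stats(stream, chunk=8192):
    """Return (largest field size, its name, address field count) for the header block."""
    largest, largest_name, addr_fields = 0, b"", 0
    name, size, line_start = b"", 0, True
    while True:
        part = stream.readline(chunk)   # bounded read, even when one line is huge
        if not part:
            break
        new_field = line_start and part[:1] not in (b" ", b"\t")
        line_start = part.endswith(b"\n")
        if not new_field:
            size += len(part)           # folded line, or the rest of a long line
            continue
        if size > largest:
            largest, largest_name = size, name
        size = 0
        if part in (b"\n", b"\r\n"):
            break                       # end of headers; the body is never read
        name = part.split(b":", 1)[0].strip().lower()
        size = len(part)
        addr_fields += name in ADDRESS_FIELDS
    if size > largest:                  # message ended without a blank line
        largest, largest_name = size, name
    return largest, largest_name.decode("ascii", "replace"), addr_fields

def triage(raw):
    """Return a list of findings for one raw message (bytes)."""
    largest, name, addr_fields = header_stats(io.BytesIO(raw))
    findings = []
    if largest > MAX_HEADER_BYTES:
        findings.append(f"oversized header '{name}': {largest} bytes")
    if addr_fields > MAX_ADDRESS_HEADERS:
        findings.append(f"{addr_fields} address header fields")
    return findings

# Constructed sample messages, sized only relative to the assumed thresholds.
NORMAL = b"From: a@example.org\r\nTo: b@example.org\r\nSubject: hi\r\n\r\nbody\r\n"
BIG = b"From: a@example.org\r\nX-Pad: " + b"x" * 70000 + b"\r\n\r\nbody\r\n"
MANY = b"From: a@example.org\r\n" + b"Cc: c@example.org\r\n" * 60 + b"\r\nbody\r\n"

if __name__ == "__main__":
    for label, msg in (("normal", NORMAL), ("big", BIG), ("many", MANY)):
        print(label, triage(msg) or "ok")
```

The scanner reads in bounded chunks and stops at the first blank line, so it does not itself buffer an oversized header or the message body.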
-
I haven't seen a notice about this yet - https://ubuntu.com/security/notices . So far, the CVEs are not listed in https://ubuntu.com/security/cves either.