Medium severity5.3NVD Advisory· Published Sep 6, 2024· Updated Apr 15, 2026
CVE-2024-25584
CVE-2024-25584
Description
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest released version. No publicly available exploits are known.
Affected products
3Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.