rpm package
suse/dovecot23&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
pkg:rpm/suse/dovecot23&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-23185 | Hig | 7.5 | < 2.3.15-150200.65.1 | 2.3.15-150200.65.1 | Sep 10, 2024 | Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The full_val | |
| CVE-2024-23184 | Med | 5.0 | < 2.3.15-150200.65.1 | 2.3.15-150200.65.1 | Sep 10, 2024 | Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by e | |
| CVE-2022-30550 | — | < 2.3.15-150200.62.1 | 2.3.15-150200.62.1 | Jul 17, 2022 | An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied |
- affected < 2.3.15-150200.65.1fixed 2.3.15-150200.65.1
Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The full_val
- affected < 2.3.15-150200.65.1fixed 2.3.15-150200.65.1
Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by e
- CVE-2022-30550Jul 17, 2022affected < 2.3.15-150200.62.1fixed 2.3.15-150200.62.1
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied