rpm package
suse/dovecot23&distro=SUSE Manager Proxy 4.3
pkg:rpm/suse/dovecot23&distro=SUSE%20Manager%20Proxy%204.3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-23185 | Hig | 7.5 | < 2.3.15-150200.65.1 | 2.3.15-150200.65.1 | Sep 10, 2024 | Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The full_val | |
| CVE-2024-23184 | Med | 5.0 | < 2.3.15-150200.65.1 | 2.3.15-150200.65.1 | Sep 10, 2024 | Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by e |
- affected < 2.3.15-150200.65.1fixed 2.3.15-150200.65.1
Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The full_val
- affected < 2.3.15-150200.65.1fixed 2.3.15-150200.65.1
Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by e