Security patch: Attackers can paralyze Dovecot mail servers
Dovecot IMAP servers can choke on crafted emails and end up in a DoS state.
Attackers can exploit two vulnerabilities in the Dovecot IMAP server and take systems out of service using DoS attacks. A patched version is available for download.
Email server not accessible
Attackers can trigger the attacks with crafted emails. Very large headers cause errors during email parsing, so that a lot of memory is used and servers end up in a DoS state (CVE-2024-23185, "high").
The second vulnerability (CVE-2024-23184, "medium") can be triggered by a large number of address headers (To, Cc, ...). This also leads to a DoS state. According to the developers, the 2.2 and 2.3 release branches are affected by both vulnerabilities. Version 2.3.21.1 fixes them. So far there is no information on ongoing attacks.
(des)
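A defender-side triage check for the two conditions described above, as an added example that is not part of the article or of Dovecot's code. It reads only the header block of a raw message in bounded chunks and flags an oversized header block or an excessive number of address headers. The function name, both thresholds and every header name beyond To and Cc are assumptions, not limits taken from Dovecot.

```python
import io

# To and Cc are named in the article; the other names are an assumption
# about which headers count as address headers.
ADDRESS_HEADERS = {b"to", b"cc", b"bcc", b"from", b"reply-to", b"sender"}


def scan_headers(stream, max_header_bytes=65536, max_address_headers=50):
    """Scan the header block of a raw RFC 5322 message from a binary stream.

    Reads at most 4096 bytes at a time and stops at the first finding, so
    the scanner itself stays cheap on the input it is meant to flag.
    Thresholds are assumed values to tune locally.
    """
    total = addr = 0
    at_line_start = True
    findings = []
    while True:
        chunk = stream.readline(4096)
        if not chunk:
            break  # end of input without a body
        if at_line_start and chunk in (b"\r\n", b"\n"):
            break  # blank line: end of the header block
        total += len(chunk)
        if total > max_header_bytes:
            findings.append("oversized-header-block")
            break
        # A new header starts at a line start that is not folded whitespace.
        if at_line_start and chunk[:1] not in (b" ", b"\t"):
            name = chunk.split(b":", 1)[0].strip().lower()
            if name in ADDRESS_HEADERS:
                addr += 1
                if addr > max_address_headers:
                    findings.append("too-many-address-headers")
                    break
        at_line_start = chunk.endswith(b"\n")
    return {"header_bytes": total, "address_headers": addr, "findings": findings}


def sample_message(n_to, subject_len):
    """Constructed sample input: one From, n_to To headers, one Subject."""
    raw = b"From: a@example.com\r\n" + b"To: b@example.com\r\n" * n_to
    raw += b"Subject: " + b"x" * subject_len + b"\r\n\r\nbody\r\n"
    return io.BytesIO(raw)


if __name__ == "__main__":
    print(scan_headers(sample_message(1, 10)))
    print(scan_headers(sample_message(5, 10), max_address_headers=3))
    print(scan_headers(sample_message(1, 10000), max_header_bytes=1024))
```

A check like this belongs in front of delivery (for example in a content filter) as a stopgap signal; the fix the article names is the update to 2.3.21.1.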