Security patch: Attackers can paralyze Dovecot mail servers

Dovecot IMAP servers can choke on crafted emails and end up in a DoS state.


Attackers can exploit two vulnerabilities in the Dovecot IMAP server and take systems out of service with DoS attacks. A patched version is available for download.

Attackers can trigger the attacks with crafted emails. Very large headers cause errors during email parsing, so that a lot of memory is used and servers fall into a DoS state (CVE-2024-23185, "high").

The second vulnerability (CVE-2024-23184, "medium") can be triggered by a large number of address headers (To, Cc, ...). This also leads to a DoS state. According to the developers, the 2.2 and 2.3 release series are affected by both vulnerabilities. Version 2.3.21.1 provides a remedy. So far there is no information on ongoing attacks.
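
For mail that passes through a filter before it reaches the IMAP server, the two conditions described above (very large headers, many address headers) can be measured per message. The following is an added example, not Dovecot code and not taken from the advisory; the three limits and the address-header names beyond To and Cc are assumed, site-tunable values, and the sample messages are constructed.

```python
# Added example: header triage for inbound mail (not Dovecot code).
# Limits are ASSUMED values for illustration; the article gives no numbers.
MAX_HEADER_BLOCK = 64 * 1024     # total bytes of the header block
MAX_SINGLE_HEADER = 16 * 1024    # bytes of one header incl. folded lines
MAX_ADDRESS_HEADERS = 50         # number of address header fields
# To and Cc are named in the article; the other names are assumptions.
ADDRESS_HEADERS = {b"to", b"cc", b"bcc", b"from", b"reply-to", b"sender"}

def header_metrics(raw: bytes) -> dict:
    """Measure the header block without fully parsing the message."""
    # The header block ends at the first empty line (CRLF or bare LF).
    ends = [i for i in (raw.find(b"\r\n\r\n"), raw.find(b"\n\n")) if i != -1]
    block = raw[:min(ends)] if ends else raw
    fields = []  # one [name, size_in_bytes] entry per header field
    for line in block.splitlines():
        if line[:1] in (b" ", b"\t") and fields:
            fields[-1][1] += len(line)          # folded continuation line
        elif b":" in line:
            name = line.split(b":", 1)[0].strip().lower()
            fields.append([name, len(line)])
    return {
        "block_bytes": len(block),
        "largest_header_bytes": max((s for _, s in fields), default=0),
        "address_headers": sum(1 for n, _ in fields if n in ADDRESS_HEADERS),
    }

def triage(raw: bytes) -> list:
    """Return the reasons a message should be held for review (empty = ok)."""
    m = header_metrics(raw)
    reasons = []
    if m["block_bytes"] > MAX_HEADER_BLOCK:
        reasons.append("header block too large")
    if m["largest_header_bytes"] > MAX_SINGLE_HEADER:
        reasons.append("single header too large")
    if m["address_headers"] > MAX_ADDRESS_HEADERS:
        reasons.append("too many address headers")
    return reasons

# Constructed sample messages (not real traffic).
SAMPLE_OK = (b"From: a@example.org\r\nTo: b@example.org\r\n"
             b"Subject: hi\r\n there\r\n\r\nbody\r\nTo: in-body@example.org\r\n")
SAMPLE_MANY_CC = b"From: a@example.org\n" + b"Cc: x@example.org\n" * 60 + b"\nbody\n"

if __name__ == "__main__":
    for label, msg in (("ok", SAMPLE_OK), ("many-cc", SAMPLE_MANY_CC)):
        print(label, header_metrics(msg), triage(msg))
```

Such a check only reduces exposure for mail that traverses the filter; the remedy named in the article is the update to 2.3.21.1.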

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.