4 matches found
CVE-2026-27857
The CVE-2026-27857 issue affects the Dovecot IMAP server where sending a NOOP with 4000+ parentheses causes about 1 MB of memory to be allocated for each connection. Attackers could spawn many connections (potentially from a single IP) to exhaust VSZ and disrupt the service or other proxied conne...
CVE-2026-27857
Sending "NOOP ..." command with 4000 parenthesis open+close results in 1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single I...
CVE-2026-27857
Sending "NOOP ..." command with 4000 parenthesis open+close results in 1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single I...
PT-2026-28365
Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.3 Description Sending a "NOOP ..." command with a large number of parentheses e.g., 4000 open and close can lead to excessive memory consumption, approximately 1MB per command. Prolonged use of this technique, by...