83 matches found
Fedora 44 : dovecot (2026-96eeb03b88)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-96eeb03b88 advisory. CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe. CVE-2026-33603: auth: CRAM-SHA--PLUS channel binding could be faked...
Dovecot MIME Parameter CPU Exhaustion
This Metasploit module targets a denial of service vulnerability in the Dovecot LMTP service caused by excessive CPU consumption. Title: Dovecot MIME Parameter CPU...
openSUSE 16 Security Update : dovecot24 (openSUSE-SU-2025-20113-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2025-20113-1 advisory. - Update dovecot to 2.4.2: - CVE-2025-30189: Fixed users cached with same cache key when auth cache was enabled bsc1252839 - Changes - auth: Remove...
SUSE-SU-2025:21159-1 Security update for dovecot24
This update for dovecot24 fixes the following issues: - Update dovecot to 2.4.2: - CVE-2025-30189: Fixed users cached with same cache key when auth cache was enabled bsc1252839 - Changes - auth: Remove proxyalways field. - config: Change settings history parsing to use python3. - doveadm: Print...
EUVD-2020-28877
Malware in sbrugna...
[SECURITY] Fedora 38 Update: amavis-2.13.1-1.fc38
amavis is a high-performance and reliable interface between mailer MTA and one or more content checkers: virus scanners, and/or Mail::SpamAssassin Perl module. It is written in Perl, assuring high reliability, portability and maintainability. It talks to MTA via ESMTP or LMTP, or by using helper...
[SECURITY] Fedora 40 Update: amavis-2.13.1-1.fc40
amavis is a high-performance and reliable interface between mailer MTA and one or more content checkers: virus scanners, and/or Mail::SpamAssassin Perl module. It is written in Perl, assuring high reliability, portability and maintainability. It talks to MTA via ESMTP or LMTP, or by using helper...
SUSE CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...
SUSE CVE-2020-10958
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...
SUSE CVE-2020-10957
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp...
AlmaLinux 8 : dovecot (ALSA-2020:4763)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4763 advisory. - In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can...
Local Mail Transfer Protocol (LMTP) Service Detection
Detection of services supporting the Local Mail Transfer Protocol (LMTP). Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...
Advisory ROSA-SA-2021-1824
Software: dovecot 2.2.36; OS: Cobalt 7.9; CVE-ID: CVE-2019-10691; CVE-Crit: HIGH; CVE-DESC: The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly cause the authentication service to fail by attempting to authenticate with an invalid UTF-8 sequence as the username. CVE-STATUS:...
Dovecot 1.2.0 - 2.3.14 DoS Vulnerability
Dovecot is prone to a denial of service (DoS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; yo...
SUSE: Security Advisory (SUSE-SU-2019:0414-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL MAIN 6.02 : dovecot Multiple Vulnerabilities (NS-SA-2021-0077)
The remote NewStart CGSL host, running version MAIN 6.02, has dovecot packages installed that are affected by multiple vulnerabilities: - In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead t...
Dovecot 2.3.11.3 Denial Of Service Vulnerability
Vendor: OX Software GmbH; Internal reference: DOV-4113 (Bug ID); Vulnerability type: CWE-20: Improper Input Validation; Vulnerable version: 2.3.11-2.3.11.3; Vulnerable component: lda, lmtp, imap; Report confidence: Confirmed; Solution status: Fixed by Vend...
dovecot: sending mail with empty quoted localpart leads to DoS
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
Open-Xchange: A specially crafted message sent to the local delivery agent (LMTP) causes the LMTP child process to issue a panic (call i_panic)
Summary: Sending a message to the local delivery agent with the number of MIME parts more than the dovecot core threshold of MIME parts results in i_panic. In the case of LMTP server it causes the child to abort connection. I believe that this can be quite problematic, if such a message lands in th...
Fedora 31 : 1:dovecot (2020-cd8b8f887b)
CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can le...