Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentOXVULNRICHMENT:CVE-2024-23184
HistorySep 10, 2024 - 2:33 p.m.

CVE-2024-23184

2024-09-1014:33:34
OX
github.com
1
address headers
cpu intensive
security issue
mta component
dovecot
email exploit
outage prevention
resource consumption

CVSS3

5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

9.6%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue. An external attacker can send specially crafted messages that consume target system resources and cause outage. One can implement restrictions on address headers on MTA component preceding Dovecot. No publicly available exploits are known.

Related

debiancve 1
osv 9
redhatcve 1
packetstorm 2
nvd 1
cve 1
ubuntucve 1
cvelist 1
alpinelinux 1
openvas 11
nessus 14
fedora 2
redhat 2
slackware 1
ubuntu 1
almalinux 1
rocky 1
mageia 1
oraclelinux 1
freebsd 1
debiancve
debiancve
CVE-2024-23184
2024-09-10 15:15:14
osv
osv
CVE-2024-23184
2024-09-10 15:15:14
dovecot - security update
2024-09-02 00:00:00
Security update for dovecot23
2024-09-03 15:08:50
redhatcve
redhatcve
CVE-2024-23184
2024-08-19 21:09:25
packetstorm
packetstorm
Dovecot IMAP Server 2.2 / 2.3 Missing Rate Limiting
2024-08-19 00:00:00
Dovecot IMAP Server 2.2 / 2.3 Denial Of Service
2024-08-19 00:00:00
nvd
nvd
CVE-2024-23184
2024-09-10 15:15:14
cve
cve
CVE-2024-23184
2024-09-10 15:15:14
ubuntucve
ubuntucve
CVE-2024-23184
2024-08-24 00:00:00
cvelist
cvelist
CVE-2024-23184
2024-09-10 14:33:34
alpinelinux
alpinelinux
CVE-2024-23184
2024-09-10 15:15:14
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:3118-1)
2024-09-04 00:00:00
Fedora: Security Advisory (FEDORA-2024-ba5bb9f63a)
2024-09-10 00:00:00
Dovecot 2.2.x < 2.3.21.1 Multiple Vulnerabilities
2024-08-15 00:00:00
nessus
nessus
Fedora 40 : dovecot (2024-e23e8a3f1e)
2024-08-28 00:00:00
Debian dla-3860 : dovecot-auth-lua - security update
2024-09-02 00:00:00
Ubuntu 24.04 LTS : Dovecot vulnerabilities (USN-6982-1)
2024-09-02 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: dovecot-2.3.21.1-1.fc39
2024-08-28 02:22:26
[SECURITY] Fedora 40 Update: dovecot-2.3.21.1-1.fc40
2024-08-28 02:37:07
redhat
redhat
(RHSA-2024:6529) Moderate: dovecot security update
2024-09-10 11:06:27
(RHSA-2024:6465) Moderate: dovecot security update
2024-09-09 01:03:03
slackware
slackware
[slackware-security] dovecot
2024-08-14 19:37:56
ubuntu
ubuntu
Dovecot vulnerabilities
2024-09-02 00:00:00
almalinux
almalinux
Moderate: dovecot security update
2024-09-10 00:00:00
rocky
rocky
dovecot security update
2024-09-17 00:55:55
mageia
mageia
Updated packages fix security vulnerabilities
2024-08-17 19:55:51
oraclelinux
oraclelinux
dovecot security update
2024-09-10 00:00:00
freebsd
freebsd
Dovecot -- DoS
2024-08-14 00:00:00

CVSS3

5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

9.6%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-23184
debiancve1osv9redhatcve1packetstorm2nvd1cve1ubuntucve1cvelist1alpinelinux1openvas11nessus14fedora2redhat2slackware1ubuntu1almalinux1rocky1mageia1oraclelinux1freebsd1