216.73.216.133

CVE-2024-25584

· Published 06/09/2024 15:15 · Modified 06/09/2024 16:46

Labels: CVE-2024-25584 2024-09-06CVE-2024-25584CWE-345[email protected]

Essential information

Published
06/09/2024 15:15
Modified
06/09/2024 16:46
Author
Creator
CVSS
5.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS metrics

Description

Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest released version. No publicly available exploits are known.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References