It was discovered that Dovecot did not not properly have restrictions on ithe size of address headers. A remote attacker could possibly use this issue to cause denial of service. (CVE-2024-23184, CVE-2024-23185)
{ "availability": "No subscription required", "binaries": [ { "dovecot-submissiond": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-solr": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-lmtpd-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-managesieved": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-pop3d": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-sieve": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-ldap-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-core": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-submissiond-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-auth-lua": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-sqlite": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-ldap": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-sqlite-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-managesieved-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-imapd-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-solr-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-sieve-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-gssapi-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-imapd": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-lmtpd": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-auth-lua-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-pop3d-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-mysql": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-pgsql": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-pgsql-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-gssapi": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-core-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-mysql-dbgsym": "1:2.3.21+dfsg1-2ubuntu6", "dovecot-dev": "1:2.3.21+dfsg1-2ubuntu6" } ] }