← volver
CVE-2024-25584

CVE-2024-25584

CVSS 5.3 MEDIUMEPSS 0.2%CWE-345
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
06 sep 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest released version. No publicly available exploits are known.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Productos afectados
Open-Xchange GmbH · OX Dovecot Pro

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0001.json