CVE-2024-25584
First published: Fri Sep 06 2024(Updated: )
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest released version. No publicly available exploits are known.
Credit: security@open-xchange.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dovecot | >latest |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-25584?
CVE-2024-25584 has a moderate severity level due to its potential to split emails during relaying.
How do I fix CVE-2024-25584?
To fix CVE-2024-25584, upgrade to the latest version of Dovecot.
What impact does CVE-2024-25584 have on email functionality?
CVE-2024-25584 can cause a single email containing LF DOT LF to be split into two separate emails.
What does CVE-2024-25584 affect specifically?
CVE-2024-25584 affects Dovecot's handling of email data commands according to RFC standards.
Is CVE-2024-25584 a configuration issue?
No, CVE-2024-25584 is not a configuration issue but rather a flaw in how Dovecot processes email commands.
- agent/references
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/dovecot
- canonical/dovecot