EUVD-2026-16571
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4Tags
Description
A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed version where the processing is limited. No publicly available exploits are known.
Analysis
OX Dovecot Pro mail delivery processes consume excessive CPU resources when processing mail messages containing abnormally high numbers of RFC 2231 MIME parameters, enabling remote denial of service without authentication or user interaction. Unauthenticated remote attackers can craft malicious MIME messages to trigger algorithmic complexity in parameter parsing, degrading mail service availability. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| trusty | needed | - |
| xenial | needed | - |
| bionic | needed | - |
| focal | needed | - |
| jammy | needed | - |
| noble | needed | - |
| questing | needed | - |
| upstream | released | 2.4.3 |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 1:2.3.13+dfsg1-2+deb11u1 | - |
| bullseye (security) | vulnerable | 1:2.3.13+dfsg1-2+deb11u2 | - |
| bookworm, bookworm (security) | vulnerable | 1:2.3.19.1+dfsg1-2.1+deb12u1 | - |
| trixie | vulnerable | 1:2.4.1+dfsg1-6+deb13u3 | - |
| trixie (security) | vulnerable | 1:2.4.1+dfsg1-6+deb13u1 | - |
| forky, sid | vulnerable | 1:2.4.2+dfsg1-4 | - |
| (unstable) | fixed | (unfixed) | - |
Share
External POC / Exploit Code
Leaving vuln.today