{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23185", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "state": "PUBLISHED", "assignerShortName": "OX", "dateReserved": "2024-01-12T07:03:12.862Z", "datePublished": "2024-09-10T14:38:50.523Z", "dateUpdated": "2024-09-10T19:19:51.788Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["core"], "product": "OX Dovecot Pro", "vendor": "Open-Xchange GmbH", "versions": [{"lessThanOrEqual": "2.3.21", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up \"full_value\" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by MTA, so even largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on MTA component preceding Dovecot. No publicly available exploits are known."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "cwe"}]}], "providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2024-09-10T14:45:05.763Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0003.json"}], "source": {"defect": "DOV-6601", "discovery": "INTERNAL"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/08/15/4"}, {"url": "http://seclists.org/fulldisclosure/2024/Aug/18"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-10T15:02:59.227Z"}}, {"affected": [{"vendor": "open-xchange", "product": "ox_dovecot_pro", "cpes": ["cpe:2.3:a:open-xchange:ox_dovecot_pro:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.3.21", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T19:14:08.131462Z", "id": "CVE-2024-23185", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T19:19:51.788Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/08/15/4"}, {"url": "http://seclists.org/fulldisclosure/2024/Aug/18"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-10T15:02:59.227Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23185", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T19:14:08.131462Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:open-xchange:ox_dovecot_pro:*:*:*:*:*:*:*:*"], "vendor": "open-xchange", "product": "ox_dovecot_pro", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.3.21"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T19:19:41.632Z"}}], "cna": {"source": {"defect": "DOV-6601", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Open-Xchange GmbH", "modules": ["core"], "product": "OX Dovecot Pro", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.3.21"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0003.json", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up \"full_value\" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by MTA, so even largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on MTA component preceding Dovecot. No publicly available exploits are known."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2024-09-10T14:45:05.763Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23185", "state": "PUBLISHED", "dateUpdated": "2024-09-10T19:19:51.788Z", "dateReserved": "2024-01-12T07:03:12.862Z", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "datePublished": "2024-09-10T14:38:50.523Z", "assignerShortName": "OX"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up \"full_value\" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by MTA, so even largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on MTA component preceding Dovecot. No publicly available exploits are known."}, {"lang": "es", "value": "Los encabezados muy grandes pueden causar el agotamiento de los recursos al analizar el mensaje. El analizador de mensajes normalmente lee fragmentos de tama\u00f1o razonable del mensaje. Sin embargo, cuando los env\u00eda al analizador de encabezados de mensajes, comienza a construir un b\u00fafer de \"valor completo\" a partir de los fragmentos m\u00e1s peque\u00f1os. El b\u00fafer de valor completo no tiene l\u00edmite de tama\u00f1o, por lo que los encabezados grandes pueden causar un gran uso de memoria. No importa si se trata de una sola l\u00ednea de encabezado larga o de un solo encabezado dividido en varias l\u00edneas. Este error existe en todas las versiones de Dovecot. Los correos entrantes normalmente tienen algunos l\u00edmites de tama\u00f1o establecidos por el MTA, por lo que incluso el tama\u00f1o de encabezado m\u00e1s grande posible puede caber en el vsz_limit de Dovecot. Por lo tanto, los atacantes probablemente no puedan atacar a un usuario v\u00edctima de esta manera. Sin embargo, un usuario podr\u00eda ANEXAR correos m\u00e1s grandes, lo que le permitir\u00eda atacarse a s\u00ed mismo (aunque tal vez cause algunos problemas de memoria para el backend en general). Se pueden implementar restricciones en los encabezados en el componente MTA anterior a Dovecot. No se conocen exploits disponibles p\u00fablicamente."}], "id": "CVE-2024-23185", "lastModified": "2024-11-21T08:57:08.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@open-xchange.com", "type": "Secondary"}]}, "published": "2024-09-10T15:15:14.967", "references": [{"source": "security@open-xchange.com", "url": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0003.json"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2024/Aug/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/08/15/4"}], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security@open-xchange.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6973", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dovecot-1:2.3.16-6.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6529", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dovecot-1:2.3.16-11.el9_4.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-10T00:00:00Z"}, {"advisory": "RHSA-2024:6465", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "dovecot-1:2.3.16-8.el9_2.1", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-09T00:00:00Z"}], "bugzilla": {"description": "dovecot: very large headers can cause resource exhaustion when parsing message", "id": "2305910", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305910"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-770", "details": ["Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up \"full_value\" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by MTA, so even largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on MTA component preceding Dovecot. No publicly available exploits are known.", "A security issue was found in Dovecot. Very large headers can lead to resource exhaustion when parsing messages. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to the message-header-parser, it starts building up a \"full_value\" buffer out of the smaller chunks. The full_value buffer has no size limit so large headers can cause large memory usage. This issue occurs whether it is a single long header line or a single header split into multiple lines."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-23185", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "dovecot", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "dovecot", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-08-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-23185\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-23185"], "statement": "This vulnerability is considered moderate rather than important because, while it can lead to resource exhaustion through unbounded memory allocation, its exploitability is limited by several factors. Incoming mail typically passes through an MTA that enforces size limits, significantly reducing the likelihood of an external attacker successfully exploiting the issue. Additionally, the potential for a user to cause a denial-of-service (DoS) attack on themselves by appending large emails is largely self-contained, affecting only the user's session and not posing a broader systemic risk. As a result, the overall impact is mitigated, making it a moderate severity issue.", "threat_severity": "Moderate"}