{"id":58982,"date":"2024-08-19T19:29:57","date_gmt":"2024-08-19T16:29:57","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/180234\/DOV-6464.txt"},"modified":"2024-08-19T19:29:57","modified_gmt":"2024-08-19T16:29:57","slug":"dovecot-imap-server-2-2-2-3-missing-rate-limiting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/dovecot-imap-server-2-2-2-3-missing-rate-limiting\/","title":{"rendered":"Dovecot IMAP Server 2.2 \/ 2.3 Missing Rate Limiting"},"content":{"rendered":"<p>Affected product: Dovecot IMAP Server<br \/>Internal reference: DOV-6464<br \/>Vulnerability type: CWE-770 (Allocation of Resources Without Limits or Throttling)<br \/>Vulnerable version: 2.2, 2.3<br \/>Vulnerable component: lib-mail<br \/>Report confidence: Confirmed<br \/>Solution status: Fixed in 2.3.21.1<br \/>Researcher credits: Vendor internal discovery<br \/>Vendor notification: 2024-01-30<br \/>CVE reference: CVE-2024-23184<br \/>CVSS: 5.0 (CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:N\/I:L\/A:N)<\/p>\n<p>Vulnerability Details:<br \/>Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue.<\/p>\n<p>The main problem is that each header line&#8217;s address is added to the end of a linked list. This is done by walking the whole linked list, which becomes more inefficient the more addresses there are.<\/p>\n<p>Workaround:<br \/>One can implement restrictions on address headers on MTA component preceding Dovecot.<\/p>\n<p>Fix:<br \/>Install non-vulnerable version of Dovecot. Patch can be found at https:\/\/github.com\/dovecot\/core\/compare\/8e4c42d%5E&#8230;1481c04.patch<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Affected product: Dovecot IMAP ServerInternal reference: DOV-6464Vulnerability type: CWE-770 (Allocation of Resources Without Limits or Throttling)Vulnerable version: 2.2, 2.3Vulnerable component: lib-mailReport confidence: ConfirmedSolution status: Fixed in 2.3.21.1Researcher credits: Vendor internal discoveryVendor notification: 2024-01-30CVE reference: CVE-2024-23184CVSS: 5.0 (CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:N\/I:L\/A:N) Vulnerability Details:Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58982","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58982","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58982"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58982\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}