N/A

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.

N/A

输入验证不恰当

Dovecot 安全漏洞

Dovecot是一款开源的基于类Linux/UNIX系统的IMAP和POP3邮件服务器。 Dovecot 2.2.26版本至2.2.28版本中存在远程拒绝服务漏洞。远程攻击者可利用该漏洞造成进程崩溃或占用过多CPU资源，导致拒绝服务。

N/A

N/A