CVE-2024-25584

MEDIUM

Dovecot - Info Disclosure

Title source: llm

Description

Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest released version. No publicly available exploits are known.

References (1)

[Vendor Advisory] https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0001.json

Scores

CVSS v3 5.3

EPSS 0.0009

EPSS Percentile 26.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-345

Status published

Products (1)

Open-Xchange GmbH/OX Dovecot Pro < 2.3.21

Published Sep 06, 2024

Tracked Since Feb 18, 2026