PT-2026-28366 · Dovecot+3 · Dovecot+3

Ilyar

Publicado

2026-01-01

Atualizado

2026-05-19

CVE-2026-27858

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.3

Description An attacker can send a crafted message before authentication, leading to excessive memory allocation within the managesieve component. This can cause the managesieve-login process to crash, potentially resulting in a denial-of-service condition. No publicly available exploits are currently known.

Recommendations Update to version 2.4.3 or later. Protect access to the managesieve protocol.

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

ALSA-2026:13498

ALSA-2026:13830

ALSA-2026:13857

ALSA-2026:19149

ALSA-2026:19364

CVE-2026-27858

OESA-2026-1849

OPENSUSE-SU-2026:10442-1

OPENSUSE-SU-2026:20554-1

RHSA-2026:13498

RHSA-2026:13830

RHSA-2026:13857

SUSE-SU-2026:21208-1

USN-8136-1

Produtos afetados

Dovecot

Linuxmint

Rocky Linux

Ubuntu

PT-2026-28366 · Dovecot+3 · Dovecot+3

CVE-2026-27858

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 80