Dovecot · Dovecot · CVE-2020-25275
Name of the Vulnerable Software and Affected Versions:
Dovecot versions prior to 2.3.13
Description:
The issue stems from insufficient input validation in the lda, lmtp, and imap components of the Dovecot mail server. A remote attacker can cause a denial of service with a crafted email message that uses certain choices for ten thousand MIME parts, which crashes the application.
Recommendations:
Update to version 2.3.13 or later to resolve the issue. As a temporary workaround, consider restricting the use of the lda, lmtp, and imap components until the patch is applied. Avoid processing crafted email messages with excessive MIME parts in the affected components.
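
One way to enforce the last recommendation ahead of delivery, as an added example (not Dovecot code and not part of the advisory): a check that counts the MIME entities in a message and rejects it above a site-chosen limit. `MAX_PARTS`, the function names and the sample message are assumptions constructed for illustration.

```python
"""Pre-delivery MIME part count check (added example; names and limit are assumptions)."""
from email import message_from_bytes

MAX_PARTS = 1000  # assumed site policy, not a value taken from the advisory


def count_mime_parts(raw: bytes, limit: int = MAX_PARTS) -> int:
    """Count MIME entities (containers and leaves); return limit + 1 once exceeded."""
    try:
        root = message_from_bytes(raw)
    except RecursionError:
        # Nesting too deep for the parser: fail closed, report as over the limit.
        return limit + 1
    stack, count = [root], 0
    while stack:  # explicit stack, so nesting depth cannot exhaust recursion here
        part = stack.pop()
        count += 1
        if count > limit:
            return limit + 1
        if part.is_multipart():
            stack.extend(part.get_payload())
    return count


def accept_for_delivery(raw: bytes, limit: int = MAX_PARTS) -> bool:
    """True if the message may be handed to the delivery agent."""
    return count_mime_parts(raw, limit) <= limit


def build_sample(n_parts: int) -> bytes:
    """Constructed sample: one multipart/mixed container holding n_parts text leaves."""
    head = (b"From: sender@example.test\r\nMIME-Version: 1.0\r\n"
            b'Content-Type: multipart/mixed; boundary="b"\r\n\r\n')
    leaf = b"--b\r\nContent-Type: text/plain\r\n\r\nx\r\n"
    return head + leaf * n_parts + b"--b--\r\n"


if __name__ == "__main__":
    for n in (3, 1500):
        raw = build_sample(n)
        print(n, "leaves ->", "accept" if accept_for_delivery(raw) else "reject")
```

The check only helps where it runs ahead of lda or lmtp in the delivery path; updating to 2.3.13 or later is what resolves the issue.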