Whisperer

**Name of the Vulnerable Software and Affected Versions** Dovecot versions prior to 2.4.3 **Description** Sending a "NOOP (((...)))" command with a large number of parentheses (e.g., 4000 open and close) can lead to excessive memory consumption, approximately 1MB per command. Prolonged use of this technique, by not sending the command ending LF, can result in significant memory allocation, potentially reaching the VSZ limit and causing the process to terminate, impacting other proxied connections. An attacker could establish numerous connections, potentially from a single IP address, to allocate a substantial amount of memory (e.g., 1GB) and disrupt the service. **Recommendations** Update to version 2.4.3 or later.