PT-2024-21020 · Dovecot · Dovecot

Hanno Böck

·

Published

2024-09-06

·

Updated

2024-09-06

·

CVE-2024-25584

CVSS v3.1

5.3

Medium

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Dovecot (affected versions not specified)
Description: Dovecot accepts a line consisting of a single dot delimited by bare LF characters (LF DOT LF, i.e. "\n.\n") as the end of the DATA command, whereas RFC 5321 (section 4.1.1.4) requires the terminator to be CR LF DOT CR LF ("\r\n.\r\n"). A client can therefore submit one message whose body contains LF DOT LF followed by further SMTP commands: Dovecot ends the first message at the bare-LF dot line and interprets the bytes that follow as a new MAIL FROM / RCPT TO / DATA transaction, so a single submitted email is relayed onward as two separate emails, the second with an envelope chosen by the sender of the first (SMTP smuggling). This is why the CVSS vector records no confidentiality or availability impact but a low integrity impact: the injected second message is relayed without having been submitted as its own transaction.
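To make the splitting behaviour concrete, the following is an added example (not Dovecot's code and not from the advisory author): a toy server-side SMTP session parser that models the two end-of-DATA policies. With `strict=False` a dot line is accepted as the terminator even when it is delimited by bare LF, which is the vulnerable behaviour described above; with `strict=True` only <CRLF>.<CRLF> ends DATA. The session bytes are constructed for the demonstration; the `Message` type, the `parse_session` function and the normalisation of bare LF to CRLF inside the stored body are assumptions of this example, not Dovecot behaviour.

```python
"""Lenient vs strict end-of-DATA handling (added example, not Dovecot code)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Message:
    """One accepted SMTP transaction: envelope plus the dot-unstuffed body."""
    mail_from: bytes
    rcpt_to: list[bytes]
    body: bytes


def _split_line(stream: bytes, pos: int):
    """Return (content, ended_with_crlf, next_pos) for the line starting at pos,
    or None when no complete line remains."""
    nl = stream.find(b"\n", pos)
    if nl == -1:
        return None
    crlf = nl > pos and stream[nl - 1:nl] == b"\r"
    content = stream[pos:nl - 1] if crlf else stream[pos:nl]
    return content, crlf, nl + 1


def parse_session(stream: bytes, strict: bool) -> list[Message]:
    """Parse a client's command stream (after EHLO/AUTH) into accepted messages.

    strict=True : DATA ends only at <CRLF>.<CRLF> (RFC 5321 section 4.1.1.4).
    strict=False: any line that is a lone "." ends DATA, even with bare LF
                  around it (the behaviour the advisory describes).
    Bare LF inside the body is normalised to CRLF here (an assumption of the
    example, chosen so the stored body is a valid RFC 5322 message).
    """
    messages: list[Message] = []
    pos = 0
    mail_from: bytes = b""
    rcpts: list[bytes] = []
    in_data = False
    body = bytearray()
    prev_crlf = True  # the DATA command's own CRLF is the leading CRLF of the terminator

    while (parsed := _split_line(stream, pos)) is not None:
        content, crlf, pos = parsed
        if in_data:
            if content == b"." and (not strict or (crlf and prev_crlf)):
                messages.append(Message(mail_from, rcpts, bytes(body)))
                mail_from, rcpts, body, in_data = b"", [], bytearray(), False
            else:
                if content.startswith(b"."):
                    content = content[1:]  # dot-unstuffing (RFC 5321 section 4.5.2)
                body += content + b"\r\n"
            prev_crlf = crlf
            continue
        upper = content.upper()
        if upper.startswith(b"MAIL FROM:"):
            mail_from = content[len(b"MAIL FROM:"):].strip()
        elif upper.startswith(b"RCPT TO:"):
            rcpts.append(content[len(b"RCPT TO:"):].strip())
        elif upper == b"DATA":
            in_data = True
            prev_crlf = True
        # Any other command is ignored; the demonstration only needs the envelope.
    return messages


# Constructed sample: ONE submitted message whose body carries a bare "\n.\n"
# followed by what looks like a second transaction with a different sender.
SMUGGLED_SESSION = (
    b"MAIL FROM:<alice@example.org>\r\n"
    b"RCPT TO:<bob@example.net>\r\n"
    b"DATA\r\n"
    b"Subject: hello\r\n"
    b"\r\n"
    b"first part of the body\n"
    b".\n"                                   # bare-LF dot line: data, not a terminator
    b"MAIL FROM:<ceo@example.org>\r\n"
    b"RCPT TO:<bob@example.net>\r\n"
    b"DATA\r\n"
    b"Subject: urgent wire transfer\r\n"
    b"\r\n"
    b"smuggled body\r\n"
    b".\r\n"                                 # the only RFC-compliant terminator
)


def message_count(strict: bool) -> int:
    """How many messages the sample session yields under the given policy."""
    return len(parse_session(SMUGGLED_SESSION, strict=strict))


if __name__ == "__main__":
    for strict in (False, True):
        msgs = parse_session(SMUGGLED_SESSION, strict=strict)
        print(f"strict={strict}: {len(msgs)} message(s) relayed")
        for m in msgs:
            print("  MAIL FROM", m.mail_from.decode(), "body bytes", len(m.body))
```

Run stand-alone, the lenient parser reports two messages, the second from `<ceo@example.org>` even though that address never appeared in an accepted MAIL FROM of its own; the strict parser reports one message from `<alice@example.org>` whose body still contains the would-be second transaction as plain text. The same session bytes can be used as a regression check after patching: send them through the submission service and confirm exactly one message reaches the relay.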
Recommendations: Upgrade to a Dovecot release that accepts only CR LF DOT CR LF as the end of DATA. Until the upgrade is possible, restrict access to the affected submission/relay functionality to trusted clients, or place a compliant MTA that rejects bare-LF line endings in front of it. After patching, verify the fix by submitting a test message whose body contains a bare LF DOT LF sequence followed by SMTP command text and confirming that exactly one message is relayed.

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity (CWE-345)

Related Identifiers

AZL-69869
AZL-69910
CVE-2024-25584

Affected Products

Dovecot