Description

Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue. An external attacker can send specially crafted messages that consume target system resources and cause outage. One can implement restrictions on address headers on MTA component preceding Dovecot. No publicly available exploits are known.

INFO

Published Date :

2024-09-10T14:33:34.166Z

Last Modified :

2025-11-04T16:11:12.830Z

Source :

OX
AFFECTED PRODUCTS

The following products are affected by CVE-2024-23184 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Rhel Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-23184.

URL Resource
http://seclists.org/fulldisclosure/2024/Aug/17 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2024/08/15/3 cve-icon cve-icon
https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0002.json cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/09/msg00002.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-23184 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-23184 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact