Description

Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and causing a denial of service. The CommandParser implementation enforces size limits on its dynamic buffer in most parsing states, but several state handlers omit these validation checks. This issue is fixed in version 0.13.4. A workaround for this issue is to implement rate limiting and connection monitoring at the network level, however this does not provide complete protection.

INFO

Published Date :

2025-10-02T21:30:52.203Z

Last Modified :

2025-10-03T13:39:45.634Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-61600 vulnerability.

Vendors Products
Stalwartlabs
  • Stalwart
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-61600.

URL Resource
https://github.com/stalwartlabs/stalwart/commit/a8e631e881bded8128358732f18e02ca94a4e677 cve-icon cve-icon
https://github.com/stalwartlabs/stalwart/releases/tag/v0.13.4 cve-icon cve-icon
https://github.com/stalwartlabs/stalwart/security/advisories/GHSA-8jqj-qj5p-v5rr cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact