dovecot (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package dovecot, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2022-30550 — CVSS 8.8 (high): An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the…
CVE-2026-27858 — CVSS 7.5 (high): Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker…
CVE-2020-25275 — CVSS 7.5 (high): Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message…
CVE-2024-23185 — CVSS 7.5 (high): Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the…
CVE-2025-59032 — CVSS 7.5 (high): ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service…
CVE-2020-24386 — CVSS 6.8 (medium): An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via…
CVE-2020-10967 — CVSS 5.3 (medium): In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty…
CVE-2020-10958 — CVSS 5.3 (medium): In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or…
CVE-2024-23184 — CVSS 5.0 (medium): Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is…
CVE-2021-33515 — CVSS 4.8 (medium): The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to…
CVE-2026-27857 — CVSS 4.3 (medium): Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client…