dovecot-devel (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package dovecot-devel, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2022-30550 — CVSS 8.8 (high): An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the…
CVE-2024-23185 — CVSS 7.5 (high): Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the…
CVE-2025-59032 — CVSS 7.5 (high): ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service…
CVE-2026-27858 — CVSS 7.5 (high): Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker…
CVE-2024-23184 — CVSS 5.0 (medium): Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is…
CVE-2026-27857 — CVSS 4.3 (medium): Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client…