Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-59028

Опубликовано: 27 мар. 2026
Источник: debian
EPSS Низкий

Описание

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy perfomance penalty on large deployments). No publicly available exploits are known.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
dovecotfixed1:2.4.3+dfsg1-1package
dovecotfixed1:2.4.1+dfsg1-6+deb13u4trixiepackage
dovecotnot-affectedbookwormpackage
dovecotnot-affectedbullseyepackage

Примечания

  • https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/

  • https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2025-59028-invalid-base64-authentication-can-cause-dos-for-other-logins

  • Introduced with: https://github.com/dovecot/core/commit/1486c30e191ff079bfa78e7950173bb33d8073d9 (2.4.1)

  • Fixed by: https://github.com/dovecot/core/commit/56df8acb5f21abaa039f91f1b0839a75719231de (2.4.3)

EPSS

Процентиль: 27%
0.00098
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-59028

CVSS3: 5.3
ubuntu
13 дней назад

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy perfomance penalty on large deployments). No publicly available exploits are known.

redhat логотип

CVE-2025-59028

CVSS3: 5.3
redhat
13 дней назад

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy perfomance penalty on large deployments). No publicly available exploits are known.

nvd логотип

CVE-2025-59028

CVSS3: 5.3
nvd
13 дней назад

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy perfomance penalty on large deployments). No publicly available exploits are known.

github логотип

GHSA-9q9x-wwfr-fxqm

CVSS3: 5.3
github
13 дней назад

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy perfomance penalty on large deployments). No publicly available exploits are known.

EPSS

Процентиль: 27%
0.00098
Низкий