CVE-2025-59032

Published: 27 Mar 2026
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL (Simple Authentication and Security Layer) initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service (DoS) for other users.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | dovecot | Affected | | |
| Red Hat Enterprise Linux 6 | dovecot | Affected | | |
| Red Hat Enterprise Linux 7 | dovecot | Affected | | |
| Red Hat Enterprise Linux 8 | dovecot | Affected | | |
| Red Hat Enterprise Linux 9 | dovecot | Affected | | |

Additional information

Status: Important
Defect: CWE-229
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2452172 (dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command)

EPSS: 0.00059 (Low), percentile: 19%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
11 days ago

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.

CVSS3: 7.5
nvd
11 days ago

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.

CVSS3: 7.5
debian
11 days ago

ManageSieve AUTHENTICATE command crashes when using literal as SASL in ...

CVSS3: 7.5
github
11 days ago

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.
