CVE-2026-27859

Опубликовано: 27 мар. 2026

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed version where the processing is limited. No publicly available exploits are known.

A flaw was found in Dovecot. A remote attacker can exploit this vulnerability by sending a specially crafted mail message containing an excessive amount of RFC 2231 MIME parameters. This can cause the Local Mail Transfer Protocol (LMTP) process to consume large amounts of CPU time, leading to a Denial of Service (DoS).

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	dovecot	Fix deferred
Red Hat Enterprise Linux 6	dovecot	Out of support scope
Red Hat Enterprise Linux 7	dovecot	Fix deferred
Red Hat Enterprise Linux 8	dovecot	Fix deferred
Red Hat Enterprise Linux 9	dovecot	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-770

https://bugzilla.redhat.com/show_bug.cgi?id=2452180dovecot: Dovecot: Denial of Service via excessive RFC 2231 MIME parameters

EPSS

Процентиль: 12%

0.00039

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2026-27859

CVSS3: 5.3

nvd

5 дней назад

CVE-2026-27859

CVSS3: 5.3

debian

5 дней назад

A mail message containing excessive amount of RFC 2231 MIME parameters ...

GHSA-3rfp-26pp-jqjf

CVSS3: 5.3

github

5 дней назад

EPSS

Процентиль: 12%

0.00039

Низкий

5.3 Medium

CVSS3