CVE-2025-59028

Published: 27 Mar 2026
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 5.3

Description

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy performance penalty on large deployments). No publicly available exploits are known.

| Release | Status | Note |
|---|---|---|
| devel | not-affected | 1:2.4.2+dfsg1-3ubuntu2 |
| esm-infra-legacy/trusty | not-affected | 2.4.1+ only |
| esm-infra/bionic | not-affected | 2.4.1+ only |
| esm-infra/focal | not-affected | 2.4.1+ only |
| esm-infra/xenial | not-affected | 2.4.1+ only |
| jammy | not-affected | 2.4.1+ only |
| noble | not-affected | 2.4.1+ only |
| questing | released | 1:2.4.1+dfsg1-5ubuntu4.1 |
| upstream | released | 2.4.3 |

EPSS: 0.00098 (percentile: 27%, Low)

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 5.3
redhat
13 days ago

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy performance penalty on large deployments). No publicly available exploits are known.

CVSS3: 5.3
nvd
13 days ago

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy performance penalty on large deployments). No publicly available exploits are known.

CVSS3: 5.3
debian
13 days ago

When sending invalid base64 SASL data, login process is disconnected f ...

CVSS3: 5.3
github
13 days ago

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy performance penalty on large deployments). No publicly available exploits are known.
