Dovecot can be attacked remotely

DoS attacks are possible on current versions of Dovecot

Crafted emails with headers that are too large can cause the parser to choke and consequently fill up the system's memory. Another possibility is flooding a message with address headers, which can also lead to a DoS.

The problems are listed under CVE-2024-23185 and CVE-2024-23184.

A fixed version is 2.3.21.

The issue will probably not directly affect many installations, because most MTAs generally limit the size and thereby prevent it from being exploited.

If you cannot update at the moment, you should make sure that the MTA limits the size accordingly.
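A check for the two conditions described above (oversized headers and a flood of address headers), suitable for a filter that sits in front of Dovecot. This is an added example, not code from Dovecot or from the original article; the thresholds, function names and sample messages are assumptions.

```python
# Thresholds are assumptions for this example; tune them to your mail flow.
MAX_HEADER_BLOCK_BYTES = 100 * 1024   # whole header section
MAX_SINGLE_HEADER_BYTES = 32 * 1024   # one header, folded lines included
MAX_ADDRESS_HEADERS = 50              # From/To/Cc/... header lines per message
ADDRESS_HEADERS = {"from", "sender", "reply-to", "to", "cc", "bcc"}


def header_block(raw: bytes) -> bytes:
    """Return the header section: everything before the first empty line."""
    ends = [i for i in (raw.find(b"\r\n\r\n"), raw.find(b"\n\n")) if i != -1]
    return raw[:min(ends)] if ends else raw


def unfold(block: bytes) -> list:
    """Join folded continuation lines (leading space/tab) onto their header."""
    headers = []
    for line in block.splitlines():
        if line[:1] in (b" ", b"\t") and headers:
            headers[-1] += b" " + line.strip()
        elif line:
            headers.append(line)
    return headers


def audit_message(raw: bytes) -> list:
    """Return a list of findings; an empty list means the message passes."""
    findings = []
    block = header_block(raw)
    if len(block) > MAX_HEADER_BLOCK_BYTES:
        findings.append(f"header block is {len(block)} bytes")
    address_headers = 0
    for header in unfold(block):
        name = header.partition(b":")[0].strip().lower().decode("latin-1")
        if len(header) > MAX_SINGLE_HEADER_BYTES:
            findings.append(f"{name} header is {len(header)} bytes")
        if name in ADDRESS_HEADERS:
            address_headers += 1
    if address_headers > MAX_ADDRESS_HEADERS:
        findings.append(f"{address_headers} address headers")
    return findings


# Constructed sample messages (not real mail).
NORMAL = b"From: a@example.com\r\nTo: b@example.com\r\nSubject: hi\r\n\r\nbody\r\n"
BIG_HEADER = b"From: a@example.com\r\nX-Pad: " + b"A" * 200_000 + b"\r\n\r\nbody\r\n"
MANY_ADDRS = (b"From: a@example.com\r\n"
              + b"".join(b"To: u%d@example.com\r\n" % i for i in range(600))
              + b"\r\nbody\r\n")

if __name__ == "__main__":
    for label, msg in (("normal", NORMAL), ("big", BIG_HEADER), ("many", MANY_ADDRS)):
        print(label, audit_message(msg) or "ok")
```

A message that produces any finding can be rejected or quarantined before it reaches Dovecot.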