Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/dovecot@2.3.21.1-r0?arch=loongarch64&distroversion=v3.21&reponame=main
Type apk
Namespace alpine
Name dovecot
Version 2.3.21.1-r0
Qualifiers
arch loongarch64
distroversion v3.21
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-brgx-gpn2-sfcp
vulnerability_id VCID-brgx-gpn2-sfcp
summary Very large headers can cause resource exhaustion when parsing a message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up a "full_value" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by the MTA, so even the largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on the MTA component preceding Dovecot. No publicly available exploits are known.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23185.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23185.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23185
reference_id
reference_type
scores
0
value 0.00656
scoring_system epss
scoring_elements 0.7143
published_at 2026-06-09T12:55:00Z
1
value 0.00656
scoring_system epss
scoring_elements 0.71444
published_at 2026-06-06T12:55:00Z
2
value 0.00656
scoring_system epss
scoring_elements 0.71421
published_at 2026-06-07T12:55:00Z
3
value 0.00656
scoring_system epss
scoring_elements 0.71406
published_at 2026-06-08T12:55:00Z
4
value 0.00656
scoring_system epss
scoring_elements 0.71438
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23185
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23185
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23185
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078877
reference_id 1078877
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078877
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2305910
reference_id 2305910
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2305910
6
reference_url https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0003.json
reference_id oxdc-adv-2024-0003.json
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T19:14:08Z/
url https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0003.json
7
reference_url https://access.redhat.com/errata/RHSA-2024:6465
reference_id RHSA-2024:6465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6465
8
reference_url https://access.redhat.com/errata/RHSA-2024:6529
reference_id RHSA-2024:6529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6529
9
reference_url https://access.redhat.com/errata/RHSA-2024:6973
reference_id RHSA-2024:6973
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6973
10
reference_url https://usn.ubuntu.com/6982-1/
reference_id USN-6982-1
reference_type
scores
url https://usn.ubuntu.com/6982-1/
11
reference_url https://usn.ubuntu.com/7013-1/
reference_id USN-7013-1
reference_type
scores
url https://usn.ubuntu.com/7013-1/
fixed_packages
0
url pkg:apk/alpine/dovecot@2.3.21.1-r0?arch=loongarch64&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/dovecot@2.3.21.1-r0?arch=loongarch64&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dovecot@2.3.21.1-r0%3Farch=loongarch64&distroversion=v3.21&reponame=main
aliases CVE-2024-23185
risk_score 3.0
exploitability 0.5
weighted_severity 6.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brgx-gpn2-sfcp
1
url VCID-dc4z-jx9h-fkak
vulnerability_id VCID-dc4z-jx9h-fkak
summary Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue. An external attacker can send specially crafted messages that consume target system resources and cause an outage. One can implement restrictions on address headers on the MTA component preceding Dovecot. No publicly available exploits are known.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23184.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23184.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23184
reference_id
reference_type
scores
0
value 0.00464
scoring_system epss
scoring_elements 0.647
published_at 2026-06-09T12:55:00Z
1
value 0.00464
scoring_system epss
scoring_elements 0.64703
published_at 2026-06-06T12:55:00Z
2
value 0.00464
scoring_system epss
scoring_elements 0.64692
published_at 2026-06-07T12:55:00Z
3
value 0.00464
scoring_system epss
scoring_elements 0.64681
published_at 2026-06-08T12:55:00Z
4
value 0.00464
scoring_system epss
scoring_elements 0.64694
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23184
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23184
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23184
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078876
reference_id 1078876
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078876
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2305909
reference_id 2305909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2305909
6
reference_url https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0002.json
reference_id oxdc-adv-2024-0002.json
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:33:58Z/
url https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2024/oxdc-adv-2024-0002.json
7
reference_url https://access.redhat.com/errata/RHSA-2024:6465
reference_id RHSA-2024:6465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6465
8
reference_url https://access.redhat.com/errata/RHSA-2024:6529
reference_id RHSA-2024:6529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6529
9
reference_url https://access.redhat.com/errata/RHSA-2024:6973
reference_id RHSA-2024:6973
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6973
10
reference_url https://usn.ubuntu.com/6982-1/
reference_id USN-6982-1
reference_type
scores
url https://usn.ubuntu.com/6982-1/
11
reference_url https://usn.ubuntu.com/7013-1/
reference_id USN-7013-1
reference_type
scores
url https://usn.ubuntu.com/7013-1/
fixed_packages
0
url pkg:apk/alpine/dovecot@2.3.21.1-r0?arch=loongarch64&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/dovecot@2.3.21.1-r0?arch=loongarch64&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dovecot@2.3.21.1-r0%3Farch=loongarch64&distroversion=v3.21&reponame=main
aliases CVE-2024-23184
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc4z-jx9h-fkak
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dovecot@2.3.21.1-r0%3Farch=loongarch64&distroversion=v3.21&reponame=main