CVE-2020-25275

Severity: Medium
Remote: Yes
Type: Denial of service
A security issue was discovered in dovecot version 2.3.11 up to Mail delivery/parsing crashed when the 10 000th MIME part was message/rfc822 (or if its parent was multipart/digest). This happened due to earlier MIME parsing changes for CVE-2020-12100. Malicious senders could crash dovecot repeatedly by sending/uploading messages with more than 10 000 MIME parts. The issue is fixed in dovecot version 2.3.13.
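| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1398 | dovecot | | 2.3.13-1 | High | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 04 Jan 2021 | ASA-202101-4 | AVG-1398 | dovecot | High | multiple issues |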

Operators can choose to disable IMAP hibernation. IMAP hibernation is not on by default. To ensure IMAP hibernation is disabled, make sure imap_hibernate_timeout is set to 0 or unset.