Open-Xchange Dovecot Uncontrolled Resource Consumption Vulnerability via Excessive Bracing in IMAP

Vulnerability

A vulnerability allowing uncontrolled memory usage has been identified in Open-Xchange Dovecot Pro and Community Edition, specifically in versions 3.0.5, 3.1.4, and 2.4.3. The issue arises from an incomplete fix for a previous vulnerability: that fix addressed only closing braces and left opening braces unregulated. As a result, an attacker can push memory usage past the configured limits by sending excessive bracing over IMAP, with consumption growing up to the application's memory limit. No public exploits are known.
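To illustrate the class of bug described above, the following is an added example in Python. It is not Dovecot's code and not part of the original advisory. The use of `(` and `)` as the brace characters, the limit value and all function names are assumptions made for the illustration.

```python
# Simplified model of a nesting limiter. Not Dovecot's parser.
# Assumptions: "(" and ")" stand in for the braces; MAX_NESTING is a made-up limit.
MAX_NESTING = 4


class LimitExceeded(Exception):
    pass


def parse_close_only(data, limit=MAX_NESTING):
    """Incomplete check: depth is tested only when a brace closes."""
    stack, peak = [], 0
    for ch in data:
        if ch == "(":
            stack.append([])              # per-level state allocated unchecked
            peak = max(peak, len(stack))
        elif ch == ")":
            if len(stack) > limit:
                raise LimitExceeded("depth over limit at close")
            if stack:
                stack.pop()
    return peak                           # peak number of frames held in memory


def parse_open_and_close(data, limit=MAX_NESTING):
    """Complete check: depth is tested before any state is allocated."""
    stack, peak = [], 0
    for ch in data:
        if ch == "(":
            if len(stack) >= limit:
                raise LimitExceeded("depth over limit at open")
            stack.append([])
            peak = max(peak, len(stack))
        elif ch == ")" and stack:
            stack.pop()
    return peak


def is_rejected(parser, data):
    """Return True if the parser refuses the input."""
    try:
        parser(data)
        return False
    except LimitExceeded:
        return True


if __name__ == "__main__":
    unclosed = "(" * 20                   # constructed input: opens, no closes
    print(parse_close_only(unclosed), is_rejected(parse_open_and_close, unclosed))
```

In the close-only variant the limit never fires while the input holds only opening braces, so the held state grows with the input; the second variant bounds it at the limit.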

Impact

Exploitation of this vulnerability leads to excessive memory usage, causing a denial-of-service condition by exhausting available resources.

Remediation

Users can upgrade to OX Dovecot Pro 3.1.5 or OX Dovecot CE 2.4.4, or configure the vsz_limit for the IMAP process to a low value.

Added: May 12, 2026, 2:27 PM
Updated: May 12, 2026, 2:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 0.0
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.