Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No publicly available exploits are known.
1:2.2.18-2ubuntu21:2.2.22-1ubuntu11:2.2.22-1ubuntu21:2.2.22-1ubuntu2.11:2.2.22-1ubuntu2.101:2.2.22-1ubuntu2.111:2.2.22-1ubuntu2.121:2.2.22-1ubuntu2.131:2.2.22-1ubuntu2.141:2.2.22-1ubuntu2.2+6 more1:2.2.27-3ubuntu11:2.2.33.2-1ubuntu11:2.2.33.2-1ubuntu21:2.2.33.2-1ubuntu31:2.2.33.2-1ubuntu41:2.2.33.2-1ubuntu4.11:2.2.33.2-1ubuntu4.21:2.2.33.2-1ubuntu4.31:2.2.33.2-1ubuntu4.41:2.2.33.2-1ubuntu4.5+3 more1:2.3.4.1-5ubuntu31:2.3.7.2-1ubuntu11:2.3.7.2-1ubuntu21:2.3.7.2-1ubuntu31:2.3.7.2-1ubuntu3.11:2.3.7.2-1ubuntu3.21:2.3.7.2-1ubuntu3.31:2.3.7.2-1ubuntu3.41:2.3.7.2-1ubuntu3.51:2.3.7.2-1ubuntu3.6+1 more1:2.3.16+dfsg1-3ubuntu2.71:2.3.21+dfsg1-2ubuntu6.31:2.4.1+dfsg1-5ubuntu4.11:2.1.7-7ubuntu31:2.2.9-1ubuntu11:2.2.9-1ubuntu21:2.2.9-1ubuntu2.11:2.2.9-1ubuntu2.31:2.2.9-1ubuntu2.41:2.2.9-1ubuntu2.51:2.2.9-1ubuntu2.61:2.2.9-1ubuntu2.6+esm11:2.2.9-1ubuntu2.6+esm2+2 moreExploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:NI:NA:HCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H