Bug 2452172 (CVE-2025-59032)

Summary: CVE-2025-59032 dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL (Simple Authentication and Security Layer) initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service (DoS) for other users.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-03-27 09:01:56 UTC 
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.
Comment 2 errata-xmlrpc 2026-05-04 13:48:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:13498 https://access.redhat.com/errata/RHSA-2026:13498
Comment 3 errata-xmlrpc 2026-05-05 17:11:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:13830 https://access.redhat.com/errata/RHSA-2026:13830
Comment 4 errata-xmlrpc 2026-05-05 19:18:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:13857 https://access.redhat.com/errata/RHSA-2026:13857
Comment 5 errata-xmlrpc 2026-05-14 14:00:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:17602 https://access.redhat.com/errata/RHSA-2026:17602
Comment 6 errata-xmlrpc 2026-05-14 15:02:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:17630 https://access.redhat.com/errata/RHSA-2026:17630
Comment 7 errata-xmlrpc 2026-05-14 15:10:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:17625 https://access.redhat.com/errata/RHSA-2026:17625
Comment 8 errata-xmlrpc 2026-05-14 15:14:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:17628 https://access.redhat.com/errata/RHSA-2026:17628
Comment 9 errata-xmlrpc 2026-05-14 15:24:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:17626 https://access.redhat.com/errata/RHSA-2026:17626
Comment 10 errata-xmlrpc 2026-05-18 12:34:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:18053 https://access.redhat.com/errata/RHSA-2026:18053
Comment 11 errata-xmlrpc 2026-05-19 16:09:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19149 https://access.redhat.com/errata/RHSA-2026:19149
Comment 12 errata-xmlrpc 2026-05-19 21:40:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19364 https://access.redhat.com/errata/RHSA-2026:19364
Comment 13 errata-xmlrpc 2026-05-20 01:56:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:19453 https://access.redhat.com/errata/RHSA-2026:19453
Comment 14 errata-xmlrpc 2026-05-20 02:07:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:19455 https://access.redhat.com/errata/RHSA-2026:19455
Comment 16 errata-xmlrpc 2026-06-17 12:02:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:26564 https://access.redhat.com/errata/RHSA-2026:26564