CVE-2025-59028
Publication date 27 March 2026
Last updated 30 March 2026
Ubuntu priority
Description
Invalid base64 authentication can cause DoS for other logins. When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. No publicly available exploits are known.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| dovecot | 25.10 questing |
Vulnerable
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
ebarretto
Introduced by: https://github.com/dovecot/core/commit/1486c30e191ff079bfa78e7950173bb33d8073d9
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |