CVE-2017-14461
5.9
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
Summary
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Dovecot Project | Dovecot | 2.2.33.2 | affected |
Weaknesses
- CWE-125: CWE-125: Out-of-bounds Read
ADP Enrichment
CVE Program Container
Additional References
- https://usn.ubuntu.com/3587-1/
- https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html
- https://www.debian.org/security/2018/dsa-4130
- https://usn.ubuntu.com/3587-2/
- http://www.securityfocus.com/bid/103201
- https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510
References
- https://usn.ubuntu.com/3587-1/
- https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html
- https://www.debian.org/security/2018/dsa-4130
- https://usn.ubuntu.com/3587-2/
- http://www.securityfocus.com/bid/103201
- https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.