A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103201 | Third Party Advisory VDB Entry |
https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html | |
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510 | Third Party Advisory |
https://usn.ubuntu.com/3587-1/ | Patch Third Party Advisory |
https://usn.ubuntu.com/3587-2/ | |
https://www.debian.org/security/2018/dsa-4130 | Third Party Advisory |
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2018-03-02 15:29
Updated : 2024-02-04 19:46
NVD link : CVE-2017-14461
Mitre link : CVE-2017-14461
CVE.ORG link : CVE-2017-14461
JSON object : View
Products Affected
dovecot
- dovecot
ubuntu
- ubuntu
debian
- debian_linux