CVE-2017-2669

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-21 13:29

Updated : 2024-02-04 19:46


NVD link : CVE-2017-2669

Mitre link : CVE-2017-2669

CVE.ORG link : CVE-2017-2669


JSON object : View

Products Affected

dovecot

  • dovecot

debian

  • debian_linux
CWE
CWE-20

Improper Input Validation