CVE-2017-14461

Published: Mar 2, 2018Modified: Nov 21, 2024

7.1

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Exploitability: 2.8 / Impact: 4.2

Source: NVD

Description

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.

Affected (6)

Products: Dovecot: Dovecot · Debian: Debian Linux · Ubuntu: Ubuntu

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dovecot Dovecot	Version 2.2.33.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Ubuntu Ubuntu	Version 14.04
Ubuntu Ubuntu	Version 16.04
Ubuntu Ubuntu	Version 17.10

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

http://www.securityfocus.com/bid/103201

Source: talos-cna@cisco.com

Third Party AdvisoryVDB Entry

https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html

Source: talos-cna@cisco.com

https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510

Source: talos-cna@cisco.com

Third Party Advisory

https://usn.ubuntu.com/3587-1/

Source: talos-cna@cisco.com

PatchThird Party Advisory

https://usn.ubuntu.com/3587-2/

Source: talos-cna@cisco.com

https://www.debian.org/security/2018/dsa-4130

Source: talos-cna@cisco.com

Third Party Advisory

https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Source: talos-cna@cisco.com

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/103201

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3587-1/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://usn.ubuntu.com/3587-2/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2018/dsa-4130

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.