CVE-2017-14461: Out-of-bounds Read in Dovecot

Severity: 7.1 HIGH (NVD)
EPSS: 1.7% (top 17.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 2; Latest update May 13

Description

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Exploitability: 2.8 | Impact: 4.2

Affected Packages (6 packages)

Debian, debian/dovecot: < dovecot 1:2.2.34-1 (bookworm)
Debian, dovecot/dovecot: < 1:2.2.34-1+3
Ubuntu, dovecot/dovecot: < 1:2.2.9-1ubuntu2.4+1
NVD, dovecot/dovecot: 2.2.33.2
CVEListV5, the_dovecot_project/dovecot: 2.2.33.2

Also affects: Debian Linux 8.0, 9.0

Patches

Vulnerability Details (3)

GHSA: GHSA-r34f-p748-2x25: A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive infor (2022-05-13)
OSV: dovecot vulnerabilities (2018-03-05)
OSV: CVE-2017-14461: A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive infor (2018-03-02)

Vendor Advisories (4)

Ubuntu: Dovecot vulnerabilities (2018-04-02)
Ubuntu: Dovecot vulnerabilities (2018-03-05)
Red Hat: dovecot: Information Leak Vulnerability in rfc822_parse_domain leading to denial-of-service (2018-02-28)
Debian: CVE-2017-14461: dovecot - A specially crafted email delivered over SMTP and passed on to Dovecot by MTA ca... (2017)

Threat Intelligence (2)

Talos: Vulnerability Spotlight: Dovecot out-of-bounds Read Vulnerability (2018-03-01)
Talos: Vulnerability Spotlight: Dovecot out-of-bounds Read Vulnerability (2018-03-01)

Community (2)

Bugzilla: CVE-2017-14461 dovecot: Information Leak Vulnerability in rfc822_parse_domain leading to denial-of-service [fedora-all] (2018-03-01)
Bugzilla: CVE-2017-14461 dovecot: Information Leak Vulnerability in rfc822_parse_domain leading to denial-of-service (2018-02-27)
CVE-2017-14461 — Out-of-bounds Read in Debian Dovecot | cvebase