CVE-2021-33515 — Command Injection in Dovecot

CWE-77 — Command Injection CWE-74 — Injection9 documents8 sources

Severity

4.8MEDIUMNVD

OSV5.5

EPSS

5.9%

top 9.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dovecot Debian Dovecot Debian Linux +2 more

Timeline

PublishedJun 28

Latest updateApr 18

Description

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages5 packages

▶debiandebian/dovecot< dovecot 1:2.3.13+dfsg1-2 (bookworm)

▶NVDdovecot/dovecot< 2.3.14.1

▶Debiandovecot/dovecot< 1:2.3.13+dfsg1-2+3

▶Ubuntudovecot/dovecot< 1:2.3.7.2-1ubuntu3.4

▶msrcmsrc/cbl2_dovecot_2.3.20-1_on_cbl_mariner_2.0

Also affects: Debian Linux 10.0, Fedora 33, 34

🔴Vulnerability Details

GHSA

MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade↗2026-04-18

▶

GHSA

GHSA-pwmq-cvcm-r5p2: The submission service in Dovecot before 2↗2022-05-24

▶

OSV

CVE-2021-33515: The submission service in Dovecot before 2↗2021-06-28

▶

OSV

dovecot vulnerabilities↗2021-06-21

▶

📋Vendor Advisories

Red Hat

dovecot: plaintext commands injection↗2021-06-21

▶

Ubuntu

Dovecot vulnerabilities↗2021-06-21

▶

Microsoft

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.↗2021-06-08

▶

Debian

CVE-2021-33515: dovecot - The submission service in Dovecot before 2.3.15 allows STARTTLS command injectio...↗2021

▶