A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103201 | Third Party Advisory VDB Entry |
https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html | |
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510 | Third Party Advisory |
https://usn.ubuntu.com/3587-1/ | Patch Third Party Advisory |
https://usn.ubuntu.com/3587-2/ | |
https://www.debian.org/security/2018/dsa-4130 | Third Party Advisory |
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2018-02-28T00:00:00
Updated: 2022-04-19T18:21:09
Reserved: 2017-09-13T00:00:00
Link: CVE-2017-14461
JSON object: View
NVD Information
Status : Modified
Published: 2018-03-02T15:29:00.210
Modified: 2022-04-19T19:15:17.503
Link: CVE-2017-14461
JSON object: View
Redhat Information
No data.