Lucene search

[email protected]CVE-2017-14461

HistoryMar 02, 2018 - 3:29 p.m.

CVE-2017-14461

2018-03-0215:29:00

CWE-125

CWE-200

[email protected]

web.nvd.nist.gov

102

cve-2017-14461

dovecot

smtp

mta

vulnerability

sensitive information disclosure

denial of service

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

6.6 Medium

AI Score

Confidence

High

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

0.317 Low

EPSS

Percentile

97.0%

JSON

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.

CPENameOperatorVersion
dovecot:dovecotdovecoteq2.2.33.2
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq9.0
ubuntu:ubuntuubuntueq14.04
ubuntu:ubuntuubuntueq16.04
ubuntu:ubuntuubuntueq17.10

CPE	Name	Operator	Version
dovecot:dovecot	dovecot	eq	2.2.33.2
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	9.0
ubuntu:ubuntu	ubuntu	eq	14.04
ubuntu:ubuntu	ubuntu	eq	16.04
ubuntu:ubuntu	ubuntu	eq	17.10