CVE-2017-14461

2018-02-2800:00:00

ubuntu.com

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

EPSS

0.317

Percentile

97.0%

JSON

A specially crafted email delivered over SMTP and passed on to Dovecot by
MTA can trigger an out of bounds read resulting in potential sensitive
information disclosure and denial of service. In order to trigger this
vulnerability, an attacker needs to send a specially crafted email message
to the server.

Notes

Author	Note
mdeslaur	affects 2.0 - 2.2.33, 2.3.0

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchdovecot< 1:2.2.27-3ubuntu1.3UNKNOWN
ubuntu14.04noarchdovecot< 1:2.2.9-1ubuntu2.4UNKNOWN
ubuntu16.04noarchdovecot< 1:2.2.22-1ubuntu2.7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	17.10	noarch	dovecot	< 1:2.2.27-3ubuntu1.3	UNKNOWN
ubuntu	14.04	noarch	dovecot	< 1:2.2.9-1ubuntu2.4	UNKNOWN
ubuntu	16.04	noarch	dovecot	< 1:2.2.22-1ubuntu2.7	UNKNOWN