CVE-2017-14461
NONE EPSS 96.8%
Published Mar 2, 20188y ago · Modified Jun 17, 20262w ago
Published Mar 2, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.
Threat Intelligence
EPSS Exploit Probability
96.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 2
CWE-125 Out-of-bounds Read Memory Safety
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 6
References 7
- securityfocus.com http://www.securityfocus.com/bid/103201
- lists.debian.org https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html
- talosintelligence.com https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510
- usn.ubuntu.com https://usn.ubuntu.com/3587-1/
- usn.ubuntu.com https://usn.ubuntu.com/3587-2/
- debian.org https://www.debian.org/security/2018/dsa-4130
- dovecot.org https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
Remediation
- usn.ubuntu.com https://usn.ubuntu.com/3587-1/