CVE-2017-14461

NONE EPSS 96.8%
Published Mar 2, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

A specially crafted email delivered over SMTP and passed on to Dovecot by the MTA can trigger an out-of-bounds read, resulting in potential sensitive information disclosure and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.

Threat Intelligence

EPSS Exploit Probability: 96.8% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 2

CWE-125: Out-of-bounds Read (Memory Safety)
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)

Affected Products 6

Vendor    Product        Version     Range
dovecot   dovecot        2.2.33.2    any
debian    debian_linux   8.0         any
debian    debian_linux   9.0         any
ubuntu    ubuntu         14.04       any
ubuntu    ubuntu         16.04       any
ubuntu    ubuntu         17.10       any

References 7

  • securityfocus.com http://www.securityfocus.com/bid/103201
    Third Party Advisory, VDB Entry
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html
  • talosintelligence.com https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3587-1/
    Patch, Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3587-2/
  • debian.org https://www.debian.org/security/2018/dsa-4130
    Third Party Advisory
  • dovecot.org https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
    Issue Tracking, Vendor Advisory

Remediation

  • usn.ubuntu.com https://usn.ubuntu.com/3587-1/
    Patch, Third Party Advisory