DSA-4130-1 dovecot -- dovecotID: oval:org.secpod.oval:def:70605 | Date: (C)2021-04-01 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and "flxflndy" discovered that Dovecot does not properly parse invalid email addresses, which may cause a crash or leak memory contents to an attacker. CVE-2017-15130 It was discovered that TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted, resulting in a denial of service. Only Dovecot configurations containing local_name { } or local { } configuration blocks are affected. CVE-2017-15132 It was discovered that Dovecot contains a memory leak flaw in the login process on aborted SASL authentication.
Product: |
dovecot-dev |
dovecot-core |