DSA-4130-1 dovecot -- dovecot
ID: oval:org.secpod.oval:def:603296 | Date: (C)2018-03-08 (M)2023-12-20
Class: PATCH | Family: unix

Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2017-14461
Aleksandar Nikolic of Cisco Talos and "flxflndy" discovered that Dovecot does not properly parse invalid email addresses, which may cause a crash or leak memory contents to an attacker.

CVE-2017-15130
It was discovered that TLS SNI config lookups may lead to excessive memory usage, causing the imap-login/pop3-login VSZ limit to be reached and the process restarted, resulting in a denial of service. Only Dovecot configurations containing local_name { } or local { } configuration blocks are affected.

CVE-2017-15132
It was discovered that Dovecot contains a memory leak flaw in the login process on aborted SASL authentication.

Platform:
Debian 8.x
Debian 9.x

Product:
dovecot
dovecot-dev
dovecot-core