CVE-2017-14461

Impact:
Moderate
Public Date:
2018-02-28
CWE:
CWE-200
Bugzilla:
1549483: CVE-2017-14461 dovecot: Information Leak Vulnerability in rfc822_parse_domain leading to denial-of-service

The MITRE CVE dictionary describes this issue as:

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.

Find out more about CVE-2017-14461 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5.9
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Impact None
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 8 dovecot Not affected
Red Hat Enterprise Linux 7 dovecot Will not fix
Red Hat Enterprise Linux 6 dovecot Will not fix
Red Hat Enterprise Linux 5 dovecot Not affected

Acknowledgements

Red Hat would like to thank the Dovecot project for reporting this issue. Upstream acknowledges Aleksandar Nikolic (Cisco Talos) and flxflndy as the original reporters.

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation