CVE-2017-14461

Source
Severity: High
Remote: Yes
Type: Information disclosure
Description
A specially crafted email delivered over SMTP and passed on to Dovecot by the MTA can trigger an out-of-bounds read, potentially disclosing sensitive information from another user's email or causing an application crash. To trigger this vulnerability, an IMAP-authenticated attacker needs to send a specially crafted email message to the server.
Group    Package  Affected  Fixed      Severity  Status  Ticket
AVG-645  dovecot  2.3.0-2   2.3.0.1-1  High      Fixed

Date         Advisory      Group    Package  Severity  Description
06 Mar 2018  ASA-201803-7  AVG-645  dovecot  High      multiple issues
References
https://www.dovecot.org/list/dovecot-news/2018-February/000371.html
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510
https://github.com/dovecot/core/commit/30dc856f7b97b75b0e0d69f5003d5d99a13249b4
https://github.com/dovecot/core/commit/8d65e2345e1dbedb00b662ee0abd05be2e7e6b7e
https://github.com/dovecot/core/commit/b72d864b8c34cb21076214c0b28101baec530141
https://github.com/dovecot/core/commit/e9b86842441a668b30796bff7d60828614570a1b
https://github.com/dovecot/core/commit/f5cd17a27f0b666567747f8c921ebe1026970f11
https://github.com/dovecot/core/commit/18a7a161c8dae6f630770a3cbab7374a0c3dd732
https://github.com/dovecot/core/commit/0ed696987e5e5d44e971da2a10f6275b276ece34