---

CVE-2017-14461 - log back

CVE-2017-14461 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Information disclosure
Description	+ A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure of an email from another user or may cause an application crash. In order to trigger this vulnerability, an imap-authenticated attacker needs to send a specially crafted email message to the server.
References	+ https://www.dovecot.org/list/dovecot-news/2018-February/000371.html + https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510 + https://github.com/dovecot/core/commit/30dc856f7b97b75b0e0d69f5003d5d99a13249b4 + https://github.com/dovecot/core/commit/8d65e2345e1dbedb00b662ee0abd05be2e7e6b7e + https://github.com/dovecot/core/commit/b72d864b8c34cb21076214c0b28101baec530141 + https://github.com/dovecot/core/commit/e9b86842441a668b30796bff7d60828614570a1b + https://github.com/dovecot/core/commit/f5cd17a27f0b666567747f8c921ebe1026970f11 + https://github.com/dovecot/core/commit/18a7a161c8dae6f630770a3cbab7374a0c3dd732 + https://github.com/dovecot/core/commit/0ed696987e5e5d44e971da2a10f6275b276ece34
Notes