CVE-2017-15132

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A flaw was found in dovecot before 2.2.34 and 2.3.0.1. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.
Group Package Affected Fixed Severity Status Ticket
AVG-645 dovecot 2.3.0-2 2.3.0.1-1 High Fixed
Date Advisory Group Package Severity Description
06 Mar 2018 ASA-201803-7 AVG-645 dovecot High multiple issues
References
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060