CVE-2017-2669 log

Severity Medium
Remote Yes
Type Denial of service
A security issue has been found in Dovecot >= 2.2.26 and <= 2.2.28. If the "dict" passdb is used for authentication, the username sent by the client is passed to the var_expand() function and double expansion of %-variables is performed. A remote unauthenticated attacker could then send a specially crafted username containing %variables to cause a denial of service.
Group Package Affected Fixed Severity Status Ticket
AVG-238 dovecot 2.2.28-3 Medium Fixed
Date Advisory Group Package Severity Type
01 May 2017 ASA-201705-1 AVG-238 dovecot Medium denial of service