| Type | Denial of service |
A security issue has been found in Dovecot >= 2.2.26 and <= 2.2.28. If the "dict" passdb is used for authentication, the username sent by the client is passed to the var_expand() function and double expansion of %-variables is performed. A remote unauthenticated attacker could then send a specially crafted username containing %-variables to cause a denial of service.
| 01 May 2017 | ASA-201705-1 | AVG-238 | dovecot | Medium | denial of service |
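
An added example, not part of the advisory or of Dovecot: a Python check for the two conditions described above, a version in the affected range and a passdb block with `driver = dict`. It assumes text in the style of `dovecot --version` and `doveconf -n` output; the function names and sample strings are constructed for illustration.

```python
import re

# Affected range as stated in the advisory: Dovecot >= 2.2.26 and <= 2.2.28.
AFFECTED_MIN, AFFECTED_MAX = (2, 2, 26), (2, 2, 28)

# Constructed sample inputs (assumed shape of `dovecot --version` / `doveconf -n`).
SAMPLE_VERSION = "2.2.27"
SAMPLE_CONFIG = """\
# 2.2.27: /etc/dovecot/dovecot.conf
passdb {
  args = /etc/dovecot/dovecot-dict-auth.conf.ext
  driver = dict
}
userdb {
  driver = passwd
}
"""

def parse_version(text):
    """Return (major, minor, patch) from the first x.y.z number in text."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(g) for g in m.groups())

def passdb_drivers(config_text):
    """Return the driver of each passdb { ... } block, ignoring other blocks."""
    drivers, stack = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line.split()[0])   # remember which block we entered
        elif line == "}":
            if stack:
                stack.pop()
        elif stack and stack[-1] == "passdb":
            m = re.match(r"driver\s*=\s*(\S+)", line)
            if m:
                drivers.append(m.group(1))
    return drivers

def assess(version_text, config_text):
    """Classify a host against both conditions named in the advisory."""
    in_range = AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX
    if in_range and "dict" in passdb_drivers(config_text):
        return "exposed"
    return "affected version, no dict passdb" if in_range else "outside affected range"

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CONFIG))
```

A distribution package can carry a backported fix under an in-range version number, so treat an "exposed" result as a prompt to check the package's patch status.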