---

CVE-2017-2669 - log back

CVE-2017-2669 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ A security issue has been found in Dovecot >= 2.2.26 and <= 2.2.28. If the "dict" passdb is used for authentication, the username sent by the client is passed to the var_expand() function and double expansion of %-variables is performed. A remote unauthenticated attacker could then send a specially crafted username containing %variables to cause a denial of service.
References	+ https://dovecot.org/list/dovecot-news/2017-April/000341.html + https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch
Notes