CVE-2017-2669 - log back

CVE-2017-2669 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A security issue has been found in Dovecot >= 2.2.26 and <= 2.2.28. If the "dict" passdb is used for authentication, the username sent by the client is passed to the var_expand() function and double expansion of %-variables is performed. A remote unauthenticated attacker could then send a specially crafted username containing %variables to cause a denial of service.
References
+ https://dovecot.org/list/dovecot-news/2017-April/000341.html
+ https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch
Notes