CVE-2017-2669
Descriptions
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.
Timeline
- 2016-12-01 CVE Reserved
- 2017-04-11 CVE Published
- 2024-01-15 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-20: Improper Input Validation
References (6)
URL | Tag | Date
---|---|---
http://www.openwall.com/lists/oss-security/2017/04/11/1 | Mailing List |
http://www.securityfocus.com/bid/97536 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2669 | Issue Tracking |
https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch | Third Party Advisory |
https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html | | 2019-10-09
https://www.debian.org/security/2017/dsa-3828 | | 2019-10-09
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Dovecot | Dovecot | >= 2.2.26 <= 2.2.28 | - | Affected
Debian | Debian Linux | 8.0 | - | Affected