7.1

CVE-2017-14461

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.

Data is provided by the National Vulnerability Database (NVD)
DovecotDovecot Version2.2.33.2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
UbuntuUbuntu Version14.04 SwEditionlts
UbuntuUbuntu Version16.04 SwEditionlts
UbuntuUbuntu Version17.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.03% 0.764
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.1 2.8 4.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:P/I:N/A:P
talos-cna@cisco.com 5.9 1.6 4.2
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/103201
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/3587-1/
Patch
Third Party Advisory