CLD-306 Details

Other IDs this deficiency may be known by:

CVE ID: CVE-2017-14461 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s):

Basic Information:

Affected Package(s): dovecot
Deficiency Type: SECURITY
Date Created: 2018-02-28 16:25:46
Date Last Modified: 2018-02-28 17:15:54

Version Specific Information:

Cucumber 1.0 i686 fixed in dovecot-2.2.34-i686-1
Cucumber 1.0 x86_64 fixed in dovecot-2.2.34-x86_64-1

Cucumber 1.1 i686 fixed in dovecot-2.2.34-i686-1
Cucumber 1.1 x86_64 fixed in dovecot-2.2.34-x86_64-1

Details:

From https://dovecot.org/list/dovecot-news/2018-February/000370.html:
 * CVE-2017-14461: Parsing invalid email addresses may cause a crash or
   leak memory contents to attacker. For example, these memory contents
   might contain parts of an email from another user if the same imap
   process is reused for multiple users. First discovered by Aleksandar
   Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
   via HackerOne.