CVE-2017-15130

Published: Mar 2, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.

Vendor	Product	Versions
The Dovecot Project	dovecot	affected `before 2.2.34`

Weaknesses (CWE)

CWE-400

References

USN-3587-1

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20180301 Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update

mailing-list

x_refsource_MLIST

DSA-4130

vendor-advisory

x_refsource_DEBIAN

USN-3587-2

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=1532356

x_refsource_CONFIRM

[dovecot-news] 20180228 v2.2.34 released

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-15130

Description

Affected Products

Weaknesses (CWE)

References