Back to search
CVE-2017-15132
Published: Jan 25, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.
| Vendor | Product | Versions |
|---|---|---|
The Dovecot Project | dovecot | affected 2.0 up to 2.2.33 and 2.3.0 |
Weaknesses (CWE)
References
[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1532768
x_refsource_CONFIRM
DSA-4130
vendor-advisory
x_refsource_DEBIAN
USN-3556-1
vendor-advisory
x_refsource_UBUNTU
USN-3556-2
vendor-advisory
x_refsource_UBUNTU
[dovecot-news] 20180228 v2.2.34 released
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now