CLD-306 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) | dovecot |
Deficiency Type | SECURITY |
Date Created | 2018-02-28 16:25:46 |
Date Last Modified | 2018-02-28 17:15:54 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in dovecot-2.2.34-i686-1 |
Cucumber 1.0 x86_64 | fixed in dovecot-2.2.34-x86_64-1 |
Cucumber 1.1 i686 | fixed in dovecot-2.2.34-i686-1 |
Cucumber 1.1 x86_64 | fixed in dovecot-2.2.34-x86_64-1 |
Details:
From https://dovecot.org/list/dovecot-news/2018-February/000370.html:
* CVE-2017-14461: Parsing invalid email addresses may cause a crash or
leak memory contents to attacker. For example, these memory contents
might contain parts of an email from another user if the same imap
process is reused for multiple users. First discovered by Aleksandar
Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
via HackerOne.