CVE-2017-15132 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2017-15132

CVE-2017-15132

January 25, 2018

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.

Related Resources (8)

https://www.debian.org/security/2018/dsa-4130

https://access.redhat.com/security/cve/CVE-2017-15132

https://bugzilla.redhat.com/show_bug.cgi?id=1532768

https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch

https://usn.ubuntu.com/3556-1/

https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html

https://usn.ubuntu.com/3556-2/

https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

CVSS v2

Base Score:

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

Weakness Type (CWE)

Missing Release of Resource after Effective Lifetime

CWE-772

Uncontrolled Resource Consumption

CWE-400

EPSS

Base Score:

4.61

Products

Solutions

Resources

Company

Compare

Developer Tools