CVE-2017-15132
25.01.2018, 20:29
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has an impact in high-performance configurations where the same login processes are reused, and it can cause the process to crash due to memory exhaustion.
Vendor | Product | Version |
---|---|---|
dovecot | dovecot | 2.0.0 ≤ 𝑥 ≤ 2.2.33 |
dovecot | dovecot | 2.3.0 |
debian | debian_linux | 7.0 |
debian | debian_linux | 8.0 |
debian | debian_linux | 9.0 |
canonical | ubuntu_linux | 12.04 |
canonical | ubuntu_linux | 14.04 |
canonical | ubuntu_linux | 16.04 |
canonical | ubuntu_linux | 17.10 |
𝑥 = Vulnerable software versions

Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource Consumption: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-772 - Missing Release of Resource after Effective Lifetime: The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.