CVE-2017-2669

EUVD-2017-11814
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
redhatCNA
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
dovecotdovecot
2.2.26 ≤
𝑥
≤ 2.2.28
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dovecot
bookworm
1:2.3.19.1+dfsg1-2.1+deb12u1
fixed
bookworm (security)
1:2.3.19.1+dfsg1-2.1+deb12u1
fixed
bullseye
1:2.3.13+dfsg1-2+deb11u1
fixed
bullseye (security)
1:2.3.13+dfsg1-2+deb11u2
fixed
jessie
not-affected
sid
1:2.3.21.1+dfsg1-1
fixed
trixie
1:2.3.21.1+dfsg1-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dovecot
precise
not-affected
trusty
not-affected
xenial
not-affected
yakkety
not-affected
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2017/04/11/1
http://www.securityfocus.com/bid/97536
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2669
https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html
https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch
https://www.debian.org/security/2017/dsa-3828
http://www.openwall.com/lists/oss-security/2017/04/11/1
http://www.securityfocus.com/bid/97536
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2669
https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html
https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch
https://www.debian.org/security/2017/dsa-3828