Name | CVE-2017-15130 |
Description | A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and causing the process to restart. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-1333-1, DSA-4130-1 |
Debian Bugs | 891820 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
dovecot (PTS) | bullseye | 1:2.3.13+dfsg1-2+deb11u1 | fixed |
dovecot | bullseye (security) | 1:2.3.13+dfsg1-2+deb11u2 | fixed |
dovecot | bookworm, bookworm (security) | 1:2.3.19.1+dfsg1-2.1+deb12u1 | fixed |
dovecot | sid, trixie | 1:2.3.21.1+dfsg1-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
dovecot | source | wheezy | 1:2.1.7-7+deb7u2 | | DLA-1333-1 | |
dovecot | source | jessie | 1:2.2.13-12~deb8u4 | | DSA-4130-1 | |
dovecot | source | stretch | 1:2.2.27-3+deb9u2 | | DSA-4130-1 | |
dovecot | source | (unstable) | 1:2.2.34-1 | | | 891820 |
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
https://github.com/dovecot/core/commit/22311315b9f780211329c1522eb5aaa4faaa9391
https://github.com/dovecot/core/commit/f3504763c27c2661716c0d1dbd3e0fc662107a21
https://github.com/dovecot/core/commit/02da33a59fddd51cc3b8d95989de95574b7332f1
https://github.com/dovecot/core/commit/390592e6af07e02064ebdbb1bbcf06528887370f
https://github.com/dovecot/core/commit/bc27538d084e01a7a1aca3330e27aebfc0e311eb
https://github.com/dovecot/core/commit/00016646cc32a3fa1cf54c22ed7388ed06bbc0f1