CVE-2017-14461
dovecot - security update
7.1
HIGH
CVSS 3.1
EPSS 1.7%
Description
A specially crafted email delivered over SMTP and passed on to Dovecot by the MTA can trigger an out-of-bounds read, resulting in potential sensitive information disclosure and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.
How to fix CVE-2017-14461
To remediate CVE-2017-14461, upgrade the affected package to a fixed version below.
- upgrade to 2.3.1-r0 or later
- upgrade to 1:2.2.34-1 or later
- upgrade to 1:2.1.7-7+deb7u2 or later
- upgrade to 1:2.2.13-12~deb8u4 or later
Is CVE-2017-14461 being exploited?
Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 2.3.1-r0
- from 0, < 1:2.2.34-1
- from 0, < 1:2.1.7-7+deb7u2
- from 0, < 1:2.2.13-12~deb8u4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.1 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H |