CVE-2017-15132
Severity: 7.5 HIGH (CVSS 3.1), EPSS 2.8%
Description
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has an impact in high-performance configurations where the same login processes are reused, and it can cause the process to crash due to memory exhaustion.
How to fix CVE-2017-15132
To remediate CVE-2017-15132, upgrade the affected package to a fixed version below.
- Alpine/dovecot—upgrade to 2.3.1-r0 or later
- —upgrade to 1:2.2.34-1 or later
Is CVE-2017-15132 being exploited?
Low — EPSS is 2.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.3.1-r0
- from 0, < 1:2.2.34-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |