690
VMScore

CVE-2015-3420

CVSSv4: NA | CVSSv3: 5.9 | CVSSv2: 4.3 | VMScore: 690 | EPSS: 0.0352 | KEV: Not Included
Published: 19/09/2017 Updated: 21/11/2024

Vulnerability Summary

The ssl-proxy-openssl.c function in Dovecot prior to 2.2.17, when SSLv3 is disabled, allow remote malicious users to cause a denial of service (login process crash) via vectors related to handshake failures.

Vulnerable Product Search on Vulmon Subscribe to Product

dovecot dovecot

fedoraproject fedora 20

fedoraproject fedora 21

fedoraproject fedora 22

Vendor Advisories

Debian Bug report logs - #783649 dovecot: CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process Package: src:dovecot; Maintainer for src:dovecot is Dovecot Maintainers <dovecot@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 28 Apr 2015 18:15:01 UTC S ...
The ssl-proxy-opensslc function in Dovecot before 2217, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures ...