
CVE-2017-15132

Published: 25/01/2018 Updated: 09/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A flaw was found in Dovecot 2.0 up to 2.2.33 and in 2.3.0. Aborting SASL authentication results in a memory leak in Dovecot's auth client, which is used by the login processes. The leak matters in high-performance configurations where the same login processes are reused for many connections: the leaked memory accumulates and can cause the process to crash due to memory exhaustion.

Vulnerable Products

dovecot dovecot 2.3.0
dovecot dovecot
debian debian linux 7.0
debian debian linux 8.0
debian debian linux 9.0
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
canonical ubuntu linux 17.10

Vendor Advisories

Dovecot could be made to crash if it received specially crafted input ...
Several security issues were fixed in Dovecot ...
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and flxflndy discovered that Dovecot does not properly parse invalid email addresses, which may cause a crash or leak memory content ...
Debian Bug report logs - #891820 dovecot: CVE-2017-15130: TLS SNI config lookups are inefficient and can be used for DoS. Package: src:dovecot; Maintainer for src:dovecot is Dovecot Maintainers <dovecot@packages.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 1 Mar 2018 07:33:05 UTC; Seve ...
Debian Bug report logs - #888432 dovecot: CVE-2017-15132: auth client leaks memory if SASL authentication is aborted. Package: src:dovecot; Maintainer for src:dovecot is Dovecot Maintainers <dovecot@packages.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 25 Jan 2018 14:42:02 UTC; Severity ...
Debian Bug report logs - #891819 dovecot: CVE-2017-14461: rfc822_parse_domain information leak vulnerability. Package: src:dovecot; Maintainer for src:dovecot is Dovecot Maintainers <dovecot@packages.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 1 Mar 2018 07:33:02 UTC; Severity: grave ...
Aborting the process of SASL authentication can lead to a memory leak when the same login processes are reused. An attacker could use this flaw to cause a denial of service due to memory exhaustion ...
A flaw was found in dovecot before 2.2.34 and 2.3.1. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion ...