CVE-2021-33515

Published: 28/06/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.8 | Impact Score: 2.5 | Exploitability Score: 2.2
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

The submission service in Dovecot prior to 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

Vulnerable Product

dovecot dovecot

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 10.0

Vendor Advisories

Synopsis: Moderate: dovecot security update. Type/Severity: Security Advisory: Moderate. Topic: An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a se ...

Debian Bug report logs - #990566 dovecot: CVE-2021-33515 CVE-2021-29157 CVE-2020-28200. Package: src:dovecot; Maintainer for src:dovecot is Dovecot Maintainers <dovecot@packages.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 2 Jul 2021 08:45:02 UTC; Severity: grave; Tags: security, upstream F ...

A security issue has been found in Dovecot before version 2.3.14.1. An on-path attacker could inject plaintext commands before the STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected. As a result, an attacker can potentially steal user credentials and mails. The attacker ...

Mailing Lists

oss-sec mailing list archives: CVE-2021-33515: Dovecot SMTP Submission service STARTTLS injection Fro ...