{"api_version":"1","generated_at":"2026-04-17T09:11:47+00:00","cve":"CVE-2017-14461","urls":{"html":"https://cve.report/CVE-2017-14461","api":"https://cve.report/api/cve/CVE-2017-14461.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-14461","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-14461"},"summary":{"title":"CVE-2017-14461","description":"A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.","state":"PUBLIC","assigner":"talos-cna@cisco.com","published_at":"2018-03-02 15:29:00","updated_at":"2022-04-19 19:15:00"},"problem_types":["CWE-200","CWE-125"],"metrics":[],"references":[{"url":"https://usn.ubuntu.com/3587-1/","name":"USN-3587-1","refsource":"UBUNTU","tags":["Patch","Third Party Advisory"],"title":"USN-3587-1: Dovecot vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2018/dsa-4130","name":"DSA-4130","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4130-1 dovecot","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/3587-2/","name":"USN-3587-2","refsource":"UBUNTU","tags":[],"title":"USN-3587-2: Dovecot vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.dovecot.org/list/dovecot-news/2018-February/000370.html","name":"[dovecot-news] 20180228 v2.2.34 released","refsource":"MLIST","tags":["Issue Tracking","Vendor Advisory"],"title":"[Dovecot-news] v2.2.34 released","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510","name":"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510","refsource":"MISC","tags":["Third Party Advisory"],"title":"TALOS-2017-0510 ||  Cisco Talos Intelligence Group - Comprehensive Threat Intelligence","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/103201","name":"103201","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html","name":"[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1333-1] dovecot security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-14461","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14461","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"14461","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14461","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14461","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14461","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14461","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dovecot","cpe5":"dovecot","cpe6":"2.2.33.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14461","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dovecot","cpe5":"dovecot","cpe6":"2.2.33.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14461","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ubuntu","cpe5":"ubuntu","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14461","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ubuntu","cpe5":"ubuntu","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14461","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ubuntu","cpe5":"ubuntu","cpe6":"17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14461","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ubuntu","cpe5":"ubuntu","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14461","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ubuntu","cpe5":"ubuntu","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14461","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ubuntu","cpe5":"ubuntu","cpe6":"17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-14461","qid":"500152","title":"Alpine Linux Security Update for dovecot"},{"cve":"CVE-2017-14461","qid":"503802","title":"Alpine Linux Security Update for dovecot"},{"cve":"CVE-2017-14461","qid":"671129","title":"EulerOS Security Update for dovecot (EulerOS-SA-2019-2138)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"talos-cna@cisco.com","DATE_PUBLIC":"2018-02-28T00:00:00","ID":"CVE-2017-14461","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Dovecot","version":{"version_data":[{"version_value":"2.2.33.2"}]}}]},"vendor_name":"The Dovecot Project"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-125: Out-of-bounds Read"}]}]},"references":{"reference_data":[{"name":"USN-3587-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3587-1/"},{"name":"[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html"},{"name":"DSA-4130","refsource":"DEBIAN","url":"https://www.debian.org/security/2018/dsa-4130"},{"name":"USN-3587-2","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3587-2/"},{"name":"103201","refsource":"BID","url":"http://www.securityfocus.com/bid/103201"},{"name":"[dovecot-news] 20180228 v2.2.34 released","refsource":"MLIST","url":"https://www.dovecot.org/list/dovecot-news/2018-February/000370.html"},{"name":"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510","refsource":"MISC","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510"}]},"impact":{"cvss":{"baseScore":5.9,"baseSeverity":"Medium","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H","version":"3.0"}}},"nvd":{"publishedDate":"2018-03-02 15:29:00","lastModifiedDate":"2022-04-19 19:15:00","problem_types":["CWE-200","CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dovecot:dovecot:2.2.33.2:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ubuntu:ubuntu:14.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ubuntu:ubuntu:16.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ubuntu:ubuntu:17.10:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"14461","Ordinal":"111897","Title":"CVE-2017-14461","CVE":"CVE-2017-14461","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"14461","Ordinal":"1","NoteData":"A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"14461","Ordinal":"2","NoteData":"2018-03-02","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"14461","Ordinal":"3","NoteData":"2018-04-03","Type":"Other","Title":"Modified"}]}}}