{"api_version":"1","generated_at":"2026-04-23T03:24:49+00:00","cve":"CVE-2017-15132","urls":{"html":"https://cve.report/CVE-2017-15132","api":"https://cve.report/api/cve/CVE-2017-15132.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-15132","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-15132"},"summary":{"title":"CVE-2017-15132","description":"A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2018-01-25 20:29:00","updated_at":"2019-10-09 23:24:00"},"problem_types":["CWE-772"],"metrics":[],"references":[{"url":"https://www.debian.org/security/2018/dsa-4130","name":"DSA-4130","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4130-1 dovecot","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/3556-1/","name":"USN-3556-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3556-1: Dovecot vulnerability | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/3556-2/","name":"USN-3556-2","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3556-2: Dovecot vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.dovecot.org/list/dovecot-news/2018-February/000370.html","name":"[dovecot-news] 20180228 v2.2.34 released","refsource":"MLIST","tags":["Vendor Advisory"],"title":"[Dovecot-news] v2.2.34 released","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532768","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1532768","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"Bug 1532768 – CVE-2017-15132 dovecot: Auth leaks memory if SASL authentication is aborted","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html","name":"[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 1333-1] dovecot security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch","name":"https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-15132","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15132","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dovecot","cpe5":"dovecot","cpe6":"2.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dovecot","cpe5":"dovecot","cpe6":"2.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15132","vulnerable":"1","versionEndIncluding":"2.2.33","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dovecot","cpe5":"dovecot","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-15132","qid":"500152","title":"Alpine Linux Security Update for dovecot"},{"cve":"CVE-2017-15132","qid":"503802","title":"Alpine Linux Security Update for dovecot"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","DATE_PUBLIC":"2018-01-25T00:00:00","ID":"CVE-2017-15132","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"dovecot","version":{"version_data":[{"version_value":"2.0 up to 2.2.33 and 2.3.0"}]}}]},"vendor_name":"The Dovecot Project"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-400"}]}]},"references":{"reference_data":[{"name":"https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch","refsource":"CONFIRM","url":"https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch"},{"name":"[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1532768","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532768"},{"name":"DSA-4130","refsource":"DEBIAN","url":"https://www.debian.org/security/2018/dsa-4130"},{"name":"USN-3556-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3556-1/"},{"name":"USN-3556-2","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3556-2/"},{"name":"[dovecot-news] 20180228 v2.2.34 released","refsource":"MLIST","url":"https://www.dovecot.org/list/dovecot-news/2018-February/000370.html"}]}},"nvd":{"publishedDate":"2018-01-25 20:29:00","lastModifiedDate":"2019-10-09 23:24:00","problem_types":["CWE-772"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.2.33","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dovecot:dovecot:2.3.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"15132","Ordinal":"112634","Title":"CVE-2017-15132","CVE":"CVE-2017-15132","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"15132","Ordinal":"1","NoteData":"A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"15132","Ordinal":"2","NoteData":"2018-01-25","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"15132","Ordinal":"3","NoteData":"2018-04-01","Type":"Other","Title":"Modified"}]}}}