CVE-2017-2669
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-2669
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2669.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-2669
- Downstream
- Related
- Published
- 2018-06-21T13:29:00Z
- Modified
- 2025-10-21T04:17:22.918839Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.
- References
-
- http://www.openwall.com/lists/oss-security/2017/04/11/1
- http://www.securityfocus.com/bid/97536
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2669
- https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html
- https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch
- https://www.debian.org/security/2017/dsa-3828
Affected packages
Git / github.com/dovecot/core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dovecot/core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.1.alpha1
1.1.alpha2
1.1.alpha4
1.1.alpha5
1.1.alpha6
1.1.beta1
1.1.beta10
1.1.beta11
1.1.beta12
1.1.beta13
1.1.beta14
1.1.beta16
1.1.beta2
1.1.beta3
1.1.beta4
1.1.beta5
1.1.beta6
1.1.beta8
1.1.beta9
1.1.rc1
1.1.rc2
1.1.rc3
1.1.rc4
1.1.rc5
1.1.rc6
1.1.rc7
1.1.rc8
1.2.alpha1
1.2.alpha2
1.2.alpha3
1.2.alpha4
1.2.alpha5
1.2.beta1
1.2.beta2
1.2.beta3
1.2.beta4
1.2.rc1
2.*
2.0.0
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.alpha1
2.0.alpha2
2.0.alpha3
2.0.beta1
2.0.beta2
2.0.beta3
2.0.beta4
2.0.beta5
2.0.beta6
2.0.rc1
2.0.rc2
2.0.rc3
2.0.rc4
2.0.rc5
2.0.rc6
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.alpha1
2.1.alpha2
2.1.beta1
2.1.rc1
2.1.rc2
2.1.rc3
2.1.rc4
2.1.rc5
2.1.rc6
2.1.rc7
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.13.rc1
2.2.14
2.2.14.rc1
2.2.15
2.2.16
2.2.16.rc1
2.2.17
2.2.17.rc1
2.2.17.rc2
2.2.18
2.2.19
2.2.19.rc1
2.2.19.rc2
2.2.2
2.2.20
2.2.20.rc1
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.alpha1
2.2.beta1
2.2.beta2
2.2.rc1
2.2.rc2
2.2.rc3
2.2.rc4
2.2.rc5
2.2.rc6
2.2.rc7
Database specific
vanir_signatures
[
{
"source": "https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735",
"target": {
"file": "src/auth/db-dict.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2017-2669-8b3a137b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"267636158964568098863636960298466532724",
"2352569610556384996954443346264017109",
"93946251500024901057239984742115296506",
"24637658557778190796647398033891828969",
"211611469493583939446357562940970616992",
"278277978705547623851111021639629407269",
"124382171383543376698073773677944138094",
"187087530198002650493950430766339868348",
"162450648597069746051999601511029220517"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735",
"target": {
"function": "db_dict_iter_lookup_key_values",
"file": "src/auth/db-dict.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2017-2669-a636a152",
"digest": {
"length": 1242.0,
"function_hash": "258390715530272175125914701927623207390"
},
"signature_type": "Function"
}
]