CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
79.8%
A denial of service flaw was found in dovecot before 2.2.34. An attacker
able to generate random SNI server names could exploit TLS SNI
configuration lookups, leading to excessive memory usage and the process to
restart.
Author | Note |
---|---|
mdeslaur | affects 2.2.0 - 2.2.33, 2.3.0 |
www.openwall.com/lists/oss-security/2018/03/01/3
launchpad.net/bugs/cve/CVE-2017-15130
nvd.nist.gov/vuln/detail/CVE-2017-15130
security-tracker.debian.org/tracker/CVE-2017-15130
ubuntu.com/security/notices/USN-3587-1
ubuntu.com/security/notices/USN-3587-2
www.cve.org/CVERecord?id=CVE-2017-15130
www.dovecot.org/list/dovecot-news/2018-February/000370.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
79.8%