{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T10:17:48.949","vulnerabilities":[{"cve":{"id":"CVE-2017-2669","sourceIdentifier":"secalert@redhat.com","published":"2018-06-21T13:29:00.317","lastModified":"2024-11-21T03:23:56.570","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang."},{"lang":"es","value":"Dovecot en versiones anteriores a la 2.2.29 es vulnerable a una denegación de servicio (DoS). Cuando se emplearon los \"dict\" passdb y userdb para la autenticación de usuarios, el nombre de usuario enviado por el cliente IMAP/POP3 se envió mediante var_expand() para realizar la expansión de %variable. El envío de campos %variable especialmente manipulados podría resultar en un uso excesivo de memoria que provoca que el proceso se cierre inesperadamente (y se reinicie) o en un uso excesivo de CPU que provoca que todas las autenticaciones dejen de responder."}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.26","versionEndIncluding":"2.2.28","matchCriteriaId":"D6A0F511-D72E-464A-BA7B-477C9CC0B479"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/04/11/1","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97536","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2669","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2017/dsa-3828","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/04/11/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97536","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2669","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2017/dsa-3828","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}