PT-2018-3409 · Dovecot+3

Published: 2018-01-20 · Updated: 2025-01-30 · CVE-2017-15132

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: dovecot versions 2.0 through 2.2.33 and dovecot version 2.3.0
Description: A flaw in the SASL authentication process can cause a memory leak in dovecot's auth client, which is used by login processes. This issue can have significant impact in high-performance configurations where the same login processes are reused, potentially leading to process crashes due to memory exhaustion. The vulnerability can be exploited by a remote attacker to cause a denial of service.
Recommendations: For dovecot versions 2.0 through 2.2.33 and for dovecot version 2.3.0, consider updating to a version that fixes the memory leak issue. As a temporary workaround, consider restricting the reuse of login processes to minimize the risk of memory exhaustion.

Fix

Weakness Enumeration

Resource Exhaustion
Missing Release of Resource after Effective Lifetime

Related Identifiers

ALT-PU-2018-1065
BDU:2020-00781
CVE-2017-15132
DLA-1333-1
DSA-4130-1
MGASA-2018-0114
OPENSUSE-SU-2024:10726-1
OPENSUSE-SU-2025:14715-1
SUSE-SU-2018:0466-1
SUSE-SU-2018_0466-1
USN-3556-1
USN-3556-2

Affected Products

Alt Linux
Suse
Ubuntu
Dovecot