Описание
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| dovecot | fixed | 1:2.2.34-1 | package |
Примечания
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
https://github.com/dovecot/core/commit/22311315b9f780211329c1522eb5aaa4faaa9391
https://github.com/dovecot/core/commit/f3504763c27c2661716c0d1dbd3e0fc662107a21
https://github.com/dovecot/core/commit/02da33a59fddd51cc3b8d95989de95574b7332f1
https://github.com/dovecot/core/commit/390592e6af07e02064ebdbb1bbcf06528887370f
https://github.com/dovecot/core/commit/bc27538d084e01a7a1aca3330e27aebfc0e311eb
https://github.com/dovecot/core/commit/00016646cc32a3fa1cf54c22ed7388ed06bbc0f1
Связанные уязвимости
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
