CVE-2021-33515

Опубликовано: 28 июн. 2021

Источник: debian

EPSS Низкий

Описание

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
dovecot	fixed	1:2.3.13+dfsg1-2		package
dovecot	not-affected		stretch	package

Примечания

https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html
https://www.openwall.com/lists/oss-security/2021/06/28/2

EPSS

Процентиль: 88%

0.03726

Низкий

Связанные уязвимости

CVE-2021-33515

CVSS3: 4.8

ubuntu

около 4 лет назад

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

CVE-2021-33515

CVSS3: 4.2

redhat

около 4 лет назад

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

CVE-2021-33515

CVSS3: 4.8

nvd

около 4 лет назад

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

RLSA-2022:1950

rocky

около 3 лет назад

Moderate: dovecot security update

GHSA-pwmq-cvcm-r5p2

CVSS3: 4.8

github

около 3 лет назад

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

EPSS

Процентиль: 88%

0.03726

Низкий