CVE-2017-14461

Name: CVE-2017-14461
Creator: NVD / NIST
Published: 2018-03-02T15:29:00.21+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 17.57%

Last modified Jun 17, 2026

CVE-2017-14461 is a vulnerability of currently unknown severity. A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.. EPSS estimates a 17.57% chance of exploitation in the next 30 days.

Description

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.

Metrics

EPSS Probability

17.57%

96.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Dovecot	Dovecot	2.2.33.2
Debian	Debian Linux	8.0
Debian	Debian Linux	9.0
Ubuntu	Ubuntu	14.04
Ubuntu	Ubuntu	16.04
Ubuntu	Ubuntu	17.10

References

http://www.securityfocus.com/bid/103201Third Party Advisory, VDB Entry
https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510Third Party Advisory
https://usn.ubuntu.com/3587-1/Patch, Third Party Advisory
https://usn.ubuntu.com/3587-2/
https://www.debian.org/security/2018/dsa-4130Third Party Advisory
https://www.dovecot.org/list/dovecot-news/2018-February/000370.htmlIssue Tracking, Vendor Advisory
http://www.securityfocus.com/bid/103201Third Party Advisory, VDB Entry
https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510Third Party Advisory
https://usn.ubuntu.com/3587-1/Patch, Third Party Advisory
https://usn.ubuntu.com/3587-2/
https://www.debian.org/security/2018/dsa-4130Third Party Advisory
https://www.dovecot.org/list/dovecot-news/2018-February/000370.htmlIssue Tracking, Vendor Advisory

Timeline

Published: Mar 2, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-14461?

How severe is CVE-2017-14461?

Severity scoring for CVE-2017-14461 is pending analysis. The EPSS model estimates a 17.57% probability of exploitation in the next 30 days.

How do I fix CVE-2017-14461?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-14461?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST