Medium severity5.9OSV Advisory· Published Feb 17, 2017· Updated Jun 17, 2026
CVE-2016-8652
CVE-2016-8652
Description
The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31.1.alpha1, 1.1.alpha2, 1.1.alpha4, …+ 2 more
- (no CPE)range: 1.1.alpha1, 1.1.alpha2, 1.1.alpha4, …
- cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*range: <=2.2.27
- (no CPE)range: <2.2.27
Patches
Vulnerability mechanics
References
4- dovecot.org/pipermail/dovecot-news/2016-December/000333.htmlnvdRelease NotesVendor Advisory
- www.openwall.com/lists/oss-security/2016/12/02/4nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2016/12/05/12nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/94639nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.