CVE-2017-14461
Description
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The AI Insight narrative is available to signed-in members. Sign in or create a free account to read it.
Affected products
7- osv-coords5 versionspkg:rpm/opensuse/dovecot23&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/dovecot24&distro=openSUSE%20Tumbleweedpkg:rpm/suse/dovecot22&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/dovecot22&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/dovecot22&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 2.3.16-1.6+ 4 more
- (no CPE)range: < 2.3.16-1.6
- (no CPE)range: < 2.4.0-1.1
- (no CPE)range: < 2.2.31-19.8.1
- (no CPE)range: < 2.2.31-19.8.1
- (no CPE)range: < 2.2.31-19.8.1
- The Dovecot Project/Dovecotv5Range: 2.2.33.2
Patches
Discovered fix commits and diffs is available to signed-in members. Sign in or create a free account to read it.
Vulnerability mechanics
Root cause
"The RFC822 parser in Dovecot does not properly validate buffer boundaries when parsing email addresses, leading to out-of-bounds reads."
Attack vector
An attacker can trigger this vulnerability by sending a specially crafted email over SMTP to a Dovecot server. The email must contain malformed address fields, such as those with unbalanced parentheses or unclosed brackets within quoted strings or domain literals. When Dovecot's MTA passes this email to the parser, functions like `rfc822_skip_comment`, `rfc822_parse_domain_literal`, or `rfc822_parse_quoted_string` can be invoked with invalid context, leading to an out-of-bounds read [ref_id=1].
Affected code
The vulnerability resides in the RFC822 parser implementation within Dovecot. Specifically, the functions `rfc822_skip_comment`, `rfc822_parse_domain_literal`, and `rfc822_parse_quoted_string` are identified as being susceptible to triggering an out-of-bounds read due to improper handling of input data [ref_id=1]. The issue stems from how the parser increments its data pointer without sufficient checks against buffer boundaries.
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability is fixed. However, it indicates that the issue lies within the RFC822 parser's handling of email addresses, specifically in functions like `rfc822_skip_comment`, `rfc822_parse_domain_literal`, and `rfc822_parse_quoted_string` [ref_id=1]. A fix would likely involve adding boundary checks to prevent the parser from reading beyond allocated memory buffers.
Preconditions
- networkThe attacker must be able to send emails to the target server via SMTP.
- inputThe attacker must send a specially crafted email with malformed address fields.
Generated on Jun 5, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- usn.ubuntu.com/3587-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/3587-2/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2018/dsa-4130mitrevendor-advisoryx_refsource_DEBIAN
- www.securityfocus.com/bid/103201mitrevdb-entryx_refsource_BID
- lists.debian.org/debian-lts-announce/2018/03/msg00036.htmlmitremailing-listx_refsource_MLIST
- talosintelligence.com/vulnerability_reports/TALOS-2017-0510mitrex_refsource_MISC
- www.dovecot.org/list/dovecot-news/2018-February/000370.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.