Home

CVE-2021-33515

Description

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

Risk Information

Base Score
4.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
3.627

Associated Vulnerability

VulnerabilityOS Platform
IMAP and POP3 email server (USN-4993-1) dovecot-core_2.3.7.2-1ubuntu3.4_amd64.debLinux
IMAP and POP3 email server (USN-4993-1) dovecot-core_2.3.13+dfsg1-1ubuntu1.1_amd64.debLinux
IMAP and POP3 email server (USN-4993-1) dovecot-core_2.3.11.3+dfsg1-2ubuntu0.2_amd64.debLinux
(RHSA-2022:1950) dovecot security update dovecot-debugsource-2.3.16-2.el8.x86_64.rpmLinux
(RHSA-2022:1950) dovecot security update dovecot-mysql-2.3.16-2.el8.x86_64.rpmLinux
(RHSA-2022:1950) dovecot security update dovecot-pgsql-2.3.16-2.el8.x86_64.rpmLinux
(RHSA-2022:1950) dovecot security update dovecot-pigeonhole-2.3.16-2.el8.x86_64.rpmLinux
dovecot security update (RLSA-2022:1950) dovecot-2.3.16-2.el8.x86_64.rpmLinux
dovecot security update (RLSA-2022:1950) dovecot-mysql-2.3.16-2.el8.x86_64.rpmLinux
dovecot security update (RLSA-2022:1950) dovecot-pgsql-2.3.16-2.el8.x86_64.rpmLinux
dovecot security update (RLSA-2022:1950) dovecot-pigeonhole-2.3.16-2.el8.x86_64.rpmLinux
Dovecot update (ELSA-2022-1950) dovecot-2.3.16-2.el8.x86_64.rpmLinux
Dovecot-mysql update (ELSA-2022-1950) dovecot-mysql-2.3.16-2.el8.x86_64.rpmLinux
Dovecot-pgsql update (ELSA-2022-1950) dovecot-pgsql-2.3.16-2.el8.x86_64.rpmLinux
Dovecot-pigeonhole update (ELSA-2022-1950) dovecot-pigeonhole-2.3.16-2.el8.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234