VDB

ALPINE-CVE-2017-15130

ALPINE-CVE-2017-15130 PUBLISHED CVSS 5.900000095367432 MEDIUM

A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.

Risk Scores

CVSS v3.0
5.900000095367432
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Alpine:v3.9dovecot1.1.11-r1, 1.1.11-r0, 1.1.13-r0
Alpine:v3.23dovecot1.2.11-r1, 2.1.10-r0, 2.1.1-r0
Alpine:v3.7dovecot1.1.11-r0, 1.1.13-r0, 1.1.14-r0
Alpine:v3.21dovecot2.1.12-r0, 2.1.13-r0, 2.1.14-r0
Alpine:v3.15dovecot1.2.6-r1, 1.1.11-r0, 1.1.11-r1
Alpine:v3.8dovecot2.2.9-r0, 2.2.8-r0, 2.2.7-r0
Alpine:v3.17dovecot2.1.10-r0, 2.1.12-r0, 2.1.13-r0
Alpine:v3.13dovecot2.2.15-r0, 2.2.14-r0, 2.2.13-r0
Alpine:v3.12dovecot2.1.10-r1, 2.1.13-r0, 2.1.14-r0
Alpine:v3.16dovecot2.2.29.1-r0, 0, 1.1.11-r0
Alpine:v3.19dovecot2.1.10-r1, 2.1.12-r0, 2.1.13-r0
Alpine:v3.20dovecot2.1.1-r0, 2.2.9-r0, 2.2.8-r0
Alpine:v3.18dovecot2.1.10-r1, 2.1.12-r0, 2.1.13-r0
Alpine:v3.10dovecot1.1.13-r0, 2.2.9-r0, 2.2.8-r0
Alpine:v3.11dovecot2.2.9-r0, 0, 1.1.11-r0
Alpine:v3.22dovecot2.2.8-r0, 2.2.9-r0, 2.0.12-r0
Alpine:v3.14dovecot1.1.11-r0, 2.2.9-r0, 2.2.8-r0

Timeline

  • Mar 2, 2018 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›