VDB
CVE-2021-33515
CVE-2021-33515
PUBLISHED
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
EPSS 5.86% · 90.7th percentile
Risk Scores
EPSS Score
5.86%
90.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | dovecot | 0, 1:2.3.4.1-5ubuntu3, 1:2.3.7.2-1ubuntu1 |
Timeline
- Jun 21, 2021 CVE Published
- Jun 29, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
- Jun 29, 2025 EPSS Score
- Jun 30, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-33515 third-party-advisory
- https://dovecot.org/pipermail/dovecot-news/2021-June/000457.html third-party-advisory
- https://dovecot.org/pipermail/dovecot-news/2021-June/000459.html third-party-advisory
- https://ubuntu.com/security/notices/USN-4993-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-33515 third-party-advisory