CVE-2021-33515

MEDIUM4.8EPSS 5.9%

dovecot - security update

發布日:2021/6/28修改日:2026/4/28

也稱為:ALPINE-CVE-2021-33515DEBIAN-CVE-2021-33515

描述

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

受影響套件(3)

Alpine/dovecotfrom 0, < 2.3.15-r0
Debian/dovecotfrom 0, < 1:2.3.13+dfsg1-2
Debian/dovecotfrom 0, < 1:2.3.4.1-5+deb10u7

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.8	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2021-33515
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-33515