Launchpad CVE tracker

CVE 2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

Related bugs and status

CVE-2021-33515 (Candidate) is related to these bugs:

Bug #1945763: dovecot: Fail to build against OpenSSL 3.0

Summary				In	Importance	Status
	1945763	dovecot: Fail to build against OpenSSL 3.0		dovecot (Ubuntu)	High	Fix Released

Bug #1946855: Merge dovecot from Debian unstable for 22.04

Summary				In	Importance	Status
	1946855	Merge dovecot from Debian unstable for 22.04		dovecot (Ubuntu)	Undecided	Fix Released

Bug #1951325: FTBFS with LTO

Summary				In	Importance	Status
	1951325	FTBFS with LTO		dovecot (Ubuntu)	High	Fix Released
	1951325	FTBFS with LTO		dovecot (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.openwall.c...
MISC: https://dovecot.org/se...
FEDORA: FEDORA-2021-208340a217
FEDORA: FEDORA-2021-891c1ab1ac
GENTOO: GLSA-202107-41
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2021-33515

Related bugs and status

Related bugs

References