Dovecot Security Advisory: CVE-2017-14461 rfc822_parse_domain Information Leak Vulnerability

[Aki Tuomi <aki.tuomi () open-xchange com>]

Vulnerable versions: 2.0 - 2.2.33, 2.3.0
Fixed versions: 2.2.34, 2.3.0.1
Score: 7.5, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

This vulnerability comes in two flavors. A malicious party can send a
specially crafted email to a vulnerable system, causing it to crash
dovecot. In some systems, the mail can be stored into the mail system, 
causing crash every time it is being opened.

If the mail is stored into the mail system, it can be used to also leak
heap memory from IMAP process by requesting bodystructure of the mail.

This bug was separately reported by Cisco TALOS and thru HackerOne
program by 'flxflndy'.