Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2017-10140

Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.

  • Published: Apr 16, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-10140
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Low
  • Score: 4.6
  • AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
postfix / postfix 3.2.0 3.2.2
postfix / postfix 3.1.0 3.1.6
postfix / postfix 3.0.0 3.0.10
postfix / postfix - 2.11.10