CVE-2020-15953
Published: Jul 27, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
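The check this description implies, as an added example for an SMTP-style client (not LibEtPan or MailCore code): after the "begin TLS" reply is consumed, any bytes still sitting in the plaintext receive buffer arrived before the handshake and must not be carried into the TLS session. `LineBuffer`, `upgrade`, `StartTLSInjection` and the sample byte strings are hypothetical names and constructed data.

```python
class StartTLSInjection(Exception):
    """Plaintext bytes were still buffered after the "begin TLS" reply."""


class LineBuffer:
    """Minimal buffered line reader standing in for a client's receive buffer."""

    def __init__(self) -> None:
        self.buf = bytearray()

    def feed(self, data: bytes) -> None:
        self.buf += data  # bytes exactly as one socket read delivered them

    def readline(self) -> bytes:
        end = self.buf.find(b"\r\n")
        if end < 0:
            raise BlockingIOError("incomplete line")
        line = bytes(self.buf[:end + 2])
        del self.buf[:end + 2]
        return line


def upgrade(buf: LineBuffer, hardened: bool) -> bytes:
    """Consume the STARTTLS reply; return the plaintext bytes that would be
    evaluated after the handshake (b"" when nothing carried over)."""
    reply = buf.readline()
    if not reply.startswith(b"220"):
        raise ConnectionError("server refused STARTTLS")
    if hardened and buf.buf:
        # Data received before the handshake is unauthenticated: abort
        # rather than let it be parsed as if it came over TLS.
        raise StartTLSInjection(bytes(buf.buf))
    # The TLS handshake would run here. The flawed path keeps the old
    # buffer, so its contents are read as the first "encrypted" reply.
    return bytes(buf.buf)


def run(segment: bytes, hardened: bool) -> bytes:
    buf = LineBuffer()
    buf.feed(segment)
    return upgrade(buf, hardened)


# Constructed samples: one read holding only the reply, and one read in
# which extra plaintext was appended after it.
CLEAN = b"220 2.0.0 Ready to start TLS\r\n"
TRAILING = CLEAN + b"250 constructed-trailing-line\r\n"
```

With `hardened=False` the trailing line survives the upgrade and is returned; with `hardened=True` the same input raises `StartTLSInjection`, and the clean input passes in both modes.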
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://github.com/dinhvh/libetpan/issues/386 (x_refsource_MISC)
GLSA-202007-55 (vendor-advisory, x_refsource_GENTOO)
[debian-lts-announce] 20200816 [SECURITY] [DLA 2329-1] libetpan security update (mailing-list, x_refsource_MLIST)
FEDORA-2020-13ae5f7221 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-44e52ef729 (vendor-advisory, x_refsource_FEDORA)
openSUSE-SU-2020:1454 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:1505 (vendor-advisory, x_refsource_SUSE)