QwikSec

Security Database

CVE

CWE

Training

CVE-2020-16117

Published: Jul 29, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189

x_refsource_MISC

https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5

x_refsource_MISC

https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7

x_refsource_MISC

[debian-lts-announce] 20200802 [SECURITY] [DLA 2309-1] evolution-data-server security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.