CVE-2020-16117

5.9MEDIUM

Key Information:

Vendor: Gnome
Status: Evolution-data-server
Vendor: CVE Published:; 29 July 2020

Summary

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

References

https://gitlab.gnome.org/GNOME/evolution-data-server/-/is...

x_refsource_MISC

https://gitlab.gnome.org/GNOME/evolution-data-server/-/co...

x_refsource_MISC

https://gitlab.gnome.org/GNOME/evolution-data-server/-/co...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 29, 2020
Vulnerability Reserved
Jul 29, 2020

.