Mail Client Vulnerability in GNOME Evolution-Data-Server
CVE-2020-16117

5.9MEDIUM

Key Information:

Vendor

Gnome
Status
Evolution-data-server
Vendor
CVE Published:
29 July 2020

What is CVE-2020-16117?

A vulnerability in GNOME's evolution-data-server affects versions prior to 3.35.91, allowing a malicious server to crash the mail client. This can occur through sending an invalid CAPABILITY line during connection attempts, which results in a NULL pointer dereference related to the imapx_free_capability and imapx_connect_to_server functions.

References

https://gitlab.gnome.org/GNOME/evolution-data-server/-/is...
x_refsource_MISC
https://gitlab.gnome.org/GNOME/evolution-data-server/-/co...
x_refsource_MISC
https://gitlab.gnome.org/GNOME/evolution-data-server/-/co...
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.