CVE-2020-16118

7.5HIGH

Key Information:

Vendor: Gnome
Status: Balsa
Vendor: CVE Published:; 29 July 2020

Summary

In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.

References

https://gitlab.gnome.org/GNOME/balsa/-/issues/23

x_refsource_MISC

https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1...

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 29, 2020
Vulnerability Reserved
Jul 29, 2020