Null Pointer Dereference in GNOME Balsa Email Client
CVE-2020-16118

7.5HIGH

Key Information:

Vendor

Gnome
Status
Balsa
Vendor
CVE Published:
29 July 2020

What is CVE-2020-16118?

In GNOME Balsa prior to version 2.6.0, a vulnerability exists that allows a malicious server operator or a man-in-the-middle attacker to exploit the application. By sending a specially crafted PREAUTH response during the IMAP connection process, this vulnerability can lead to a NULL pointer dereference, which subsequently causes the client to crash. This presents a significant risk to user data and security during email communication.

References

https://gitlab.gnome.org/GNOME/balsa/-/issues/23
x_refsource_MISC
https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.