Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-16117

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

Published

2020-07-29T18:15:14.860

Last Modified

2024-11-21T05:06:47.590

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnome	evolution-data-server	< 3.35.91	Yes
Operating System	debian	debian_linux	9.0	Yes

References

https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5 Patch, Vendor Advisory ([email protected])
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7 Release Notes, Vendor Advisory ([email protected])
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189 Exploit, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/08/msg00005.html Third Party Advisory ([email protected])
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7 Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189 Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/08/msg00005.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)