Описание
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | evolution-data-server | Out of support scope | ||
| Red Hat Enterprise Linux 6 | evolution-data-server | Out of support scope | ||
| Red Hat Enterprise Linux 7 | evolution-data-server | Fix deferred | ||
| Red Hat Enterprise Linux 8 | bogofilter | Fixed | RHSA-2020:4649 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | evolution | Fixed | RHSA-2020:4649 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | evolution-data-server | Fixed | RHSA-2020:4649 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | evolution-mapi | Fixed | RHSA-2020:4649 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | openchange | Fixed | RHSA-2020:4649 | 04.11.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering is ...
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
EPSS
5.3 Medium
CVSS3