Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-16117

Опубликовано: 30 июл. 2020
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

A NULL pointer dereference flaw was found in the GNOME evolution-data-server when a mail client parses invalid messages from a malicious server. This flaw allows an attacker who controls a mail server the ability to crash the mail clients. The highest threat from this vulnerability is to system availability.

Отчет

The flaw requires a malicious server and it can at most make the client application crash, without additional damage to the client's data or system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5evolution-data-serverOut of support scope
Red Hat Enterprise Linux 6evolution-data-serverOut of support scope
Red Hat Enterprise Linux 7evolution-data-serverFix deferred
Red Hat Enterprise Linux 8evolutionFixedRHSA-2021:175218.05.2021
Red Hat Enterprise Linux 8evolution-data-serverFixedRHSA-2021:175218.05.2021
Red Hat Enterprise Linux 8evolution-ewsFixedRHSA-2021:175218.05.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1862125evolution-data-server: NULL pointer dereference related to imapx_free_capability and imapx_connect_to_server

EPSS

Процентиль: 63%
0.00454
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-16117

CVSS3: 5.9
ubuntu
больше 5 лет назад

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

nvd логотип

CVE-2020-16117

CVSS3: 5.9
nvd
больше 5 лет назад

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

debian логотип

CVE-2020-16117

CVSS3: 5.9
debian
больше 5 лет назад

In GNOME evolution-data-server before 3.35.91, a malicious server can ...

rocky логотип

RLSA-2021:1752

rocky
больше 4 лет назад

Low: evolution security, bug fix, and enhancement update

github логотип

GHSA-j89v-2w65-5qmq

github
больше 3 лет назад

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

EPSS

Процентиль: 63%
0.00454
Низкий

5.9 Medium

CVSS3