Описание
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.28.5-0ubuntu0.18.04.3 |
| devel | not-affected | 3.36.4-1 |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 3.28.5-0ubuntu0.18.04.3 |
| esm-infra/focal | not-affected | 3.36.3-0ubuntu1.1 |
| esm-infra/xenial | not-affected | 3.18.5-1ubuntu1.3 |
| focal | released | 3.36.3-0ubuntu1.1 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
Показывать по
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering is ...
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3