CVE-2020-15917Claws-mail vulnerability

7 documents6 sources
Severity
9.8CRITICALNVD
EPSS
2.2%
top 15.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Claws-mailFedoraproject FedoraOpensuse Backports SLE+1 more
Timeline
PublishedJul 23
Latest updateMay 24

Description

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDclaws-mail/claws-mail< 3.17.6
Debianclaws-mail/claws-mail< 3.17.6-1+3
NVDopensuse/leap15.1, 15.2+1

Also affects: Fedora 31, 32

🔴Vulnerability Details

3
GHSA
GHSA-9rxj-vjg6-w53x: common/session2022-05-24
OSV
CVE-2020-15917: common/session2020-07-23
CVEList
CVE-2020-15917: common/session2020-07-23

📋Vendor Advisories

1
Debian
CVE-2020-15917: claws-mail - common/session.c in Claws Mail before 3.17.6 has a protocol violation because su...2020

💬Community

2
Bugzilla
CVE-2020-15917 claws-mail: protocol violation because suffix data after STARTTLS is mishandled2020-07-24
Bugzilla
CVE-2020-15917 claws-mail: protocol violation because suffix data after STARTTLS is mishandled [fedora-all]2020-07-24
CVE-2020-15917 — Claws-mail vulnerability | cvebase