CVE-2020-16117 — NULL Pointer Dereference in Evolution-data-server

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

5.9MEDIUMNVD

EPSS

1.6%

top 18.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Evolution-data-server Debian Linux

Timeline

PublishedJul 29

Latest updateMay 24

Description

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDgnome/evolution-data-server< 3.35.91

▶Debiangnome/evolution-data-server< 3.36.0-1+3

Also affects: Debian Linux 9.0

Patches

Patch: gitlab.gnome.org ↗Patch: gitlab.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-j89v-2w65-5qmq: In GNOME evolution-data-server before 3↗2022-05-24

▶

CVEList

CVE-2020-16117: In GNOME evolution-data-server before 3↗2020-07-29

▶

OSV

CVE-2020-16117: In GNOME evolution-data-server before 3↗2020-07-29

▶

📋Vendor Advisories

Red Hat

evolution-data-server: NULL pointer dereference related to imapx_free_capability and imapx_connect_to_server↗2020-07-30

▶

Debian

CVE-2020-16117: evolution-data-server - In GNOME evolution-data-server before 3.35.91, a malicious server can crash the ...↗2020

▶

💬Community

Bugzilla

CVE-2020-16117 evolution-data-server: NULL pointer dereference related to imapx_free_capability and imapx_connect_to_server↗2020-07-30

▶

Bugzilla

CVE-2020-16117 evolution-data-server: NULL pointer dereference elated to imapx_free_capability and imapx_connect_to_server [fedora-all]↗2020-07-30

▶