CVE-2020-16118
published 2020-07-29CVE-2020-16118: In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | balsa | < balsa 2.6.0-1 (bookworm) | balsa 2.6.0-1 (bookworm) |
| gnome | balsa | < 2.6.0 | 2.6.0 |
| gnome | balsa | >= 0 < 2.6.0-1 | 2.6.0-1 |
| gnome | balsa | >= 0 < 2.6.0-1 | 2.6.0-1 |
| gnome | balsa | >= 0 < 2.6.0-1 | 2.6.0-1 |
| gnome | balsa | >= 0 < 2.6.0-1 | 2.6.0-1 |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH