CVE-2020-16117

Published: 29 July 2020

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

Priority

Low

CVSS 3 base score: 5.9

Status

Package Release Status
evolution-data-server
Launchpad, Ubuntu, Debian
Upstream
Released (3.36.0-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(3.36.3-0ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist