VDB

CVE-2020-16117

CVE-2020-16117 PUBLISHED

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

EPSS 1.59% · 82.0th percentile

Risk Scores

EPSS Score
1.59%
82.0th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSevolution-data-server0, 3.16.5-1ubuntu3, 3.18.2-0ubuntu1
Ubuntu:18.04:LTSevolution-data-server3.27.90-1ubuntu1, 3.28.5-0ubuntu0.18.04.3, 0

Timeline

  • Jul 29, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›