VDB

MAGEIA-2020-351

MAGEIA-2020-351 PUBLISHED

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection". (CVE-2020-14928) In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server. (CVE-2020-16117)

Affected Products

VendorProductVersions
Mageiaevolution-data-server0, 3.32.2-1.2.mga7

Timeline

  • Aug 28, 2020 CVE Updated
  • Aug 28, 2020 CVE Published
  • Mar 17, 2026 Distribution Patch
  • Mar 17, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›