CVE-2020-14928
Description
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a begin TLS response, eds reads additional data and evaluates it in a TLS context, aka response injection.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
6.354
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| evolution-data-server security update(DSA-4725-1) evolution-data-server_3.30.5-1+deb10u1_i386.deb | Linux |
| evolution-data-server security update(DSA-4725-1) evolution-data-server_3.30.5-1+deb10u1_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) libcamel-1.2-54_3.18.5-1ubuntu1.3_i386.deb | Linux |
| Evolution suite data server (USN-4429-1) libcamel-1.2-54_3.18.5-1ubuntu1.3_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) libcamel-1.2-61_3.28.5-0ubuntu0.18.04.3_i386.deb | Linux |
| Evolution suite data server (USN-4429-1) libcamel-1.2-61_3.28.5-0ubuntu0.18.04.3_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) libcamel-1.2-62_3.36.3-0ubuntu1.1_i386.deb | Linux |
| Evolution suite data server (USN-4429-1) libcamel-1.2-62_3.36.3-0ubuntu1.1_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) libebackend-1.2-10_3.18.5-1ubuntu1.3_i386.deb | Linux |
| Evolution suite data server (USN-4429-1) libebackend-1.2-10_3.18.5-1ubuntu1.3_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) libebackend-1.2-10_3.36.3-0ubuntu1.1_i386.deb | Linux |
| Evolution suite data server (USN-4429-1) libebackend-1.2-10_3.36.3-0ubuntu1.1_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) libebackend-1.2-10_3.28.5-0ubuntu0.18.04.3_i386.deb | Linux |
| Evolution suite data server (USN-4429-1) libebackend-1.2-10_3.28.5-0ubuntu0.18.04.3_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) evolution-data-server_3.18.5-1ubuntu1.3_i386.deb | Linux |
| Evolution suite data server (USN-4429-1) evolution-data-server_3.18.5-1ubuntu1.3_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) evolution-data-server_3.36.3-0ubuntu1.1_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) evolution-data-server_3.28.5-0ubuntu0.18.04.3_i386.deb | Linux |
| Evolution suite data server (USN-4429-1) evolution-data-server_3.28.5-0ubuntu0.18.04.3_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) libedataserver-1.2-21_3.18.5-1ubuntu1.3_i386.deb | Linux |
| Evolution suite data server (USN-4429-1) libedataserver-1.2-21_3.18.5-1ubuntu1.3_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) libedataserver-1.2-23_3.28.5-0ubuntu0.18.04.3_i386.deb | Linux |
| Evolution suite data server (USN-4429-1) libedataserver-1.2-23_3.28.5-0ubuntu0.18.04.3_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) libedataserver-1.2-24_3.36.3-0ubuntu1.1_i386.deb | Linux |
| Evolution suite data server (USN-4429-1) libedataserver-1.2-24_3.36.3-0ubuntu1.1_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) evolution-data-server-common_3.18.5-1ubuntu1.3_all.deb | Linux |
| Evolution suite data server (USN-4429-1) evolution-data-server-common_3.36.3-0ubuntu1.1_all.deb | Linux |
| Evolution suite data server (USN-4429-1) evolution-data-server-common_3.28.5-0ubuntu0.18.04.3_all.deb | Linux |
| (RHSA-2020:4649)Low: security and bug fix update bogofilter-debuginfo-1.2.5-2.el8.x86_64.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update evolution-bogofilter-debuginfo-3.28.5-14.el8.x86_64.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update evolution-data-server-debuginfo-3.28.5-14.el8.i686.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update evolution-data-server-debuginfo-3.28.5-14.el8.x86_64.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update evolution-data-server-tests-debuginfo-3.28.5-14.el8.i686.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update evolution-data-server-tests-debuginfo-3.28.5-14.el8.x86_64.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update evolution-debuginfo-3.28.5-14.el8.x86_64.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update evolution-mapi-debuginfo-3.28.3-3.el8.x86_64.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update evolution-pst-debuginfo-3.28.5-14.el8.x86_64.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update evolution-spamassassin-debuginfo-3.28.5-14.el8.x86_64.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update openchange-client-debuginfo-2.3-26.el8.i686.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update openchange-client-debuginfo-2.3-26.el8.x86_64.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update openchange-debuginfo-2.3-26.el8.i686.rpm | Linux |
| (RHSA-2020:4649)Low: security and bug fix update openchange-debuginfo-2.3-26.el8.x86_64.rpm | Linux |
| Evolution suite data server (USN-4429-1) libcamel-1.2-62_3.36.3-0ubuntu1.1_amd64.deb | Linux |
| Evolution suite data server (USN-4429-1) libedataserver-1.2-24_3.36.3-0ubuntu1.1_i386.deb | Linux |
| evolution security and bug fix update (RLSA-2020:4649) bogofilter-1.2.5-2.el8.x86_64.rpm | Linux |
| Bogofilter update (ELSA-2020-4649) bogofilter-1.2.5-2.el8.x86_64.rpm | Linux |
| Evolution update (ELSA-2020-4649) evolution-3.28.5-14.el8.x86_64.rpm | Linux |
| Evolution-bogofilter update (ELSA-2020-4649) evolution-bogofilter-3.28.5-14.el8.x86_64.rpm | Linux |
| Evolution-data-server update (ELSA-2020-4649) evolution-data-server-3.28.5-14.el8.i686.rpm | Linux |
| Evolution-data-server update (ELSA-2020-4649) evolution-data-server-3.28.5-14.el8.x86_64.rpm | Linux |
| Evolution-data-server-devel update (ELSA-2020-4649) evolution-data-server-devel-3.28.5-14.el8.i686.rpm | Linux |
| Evolution-data-server-devel update (ELSA-2020-4649) evolution-data-server-devel-3.28.5-14.el8.x86_64.rpm | Linux |
| Evolution-data-server-langpacks update (ELSA-2020-4649) evolution-data-server-langpacks-3.28.5-14.el8.noarch.rpm | Linux |
| Evolution-help update (ELSA-2020-4649) evolution-help-3.28.5-14.el8.noarch.rpm | Linux |
| Evolution-langpacks update (ELSA-2020-4649) evolution-langpacks-3.28.5-14.el8.noarch.rpm | Linux |
| Evolution-mapi update (ELSA-2020-4649) evolution-mapi-3.28.3-3.el8.x86_64.rpm | Linux |
| Evolution-mapi-langpacks update (ELSA-2020-4649) evolution-mapi-langpacks-3.28.3-3.el8.noarch.rpm | Linux |
| Evolution-pst update (ELSA-2020-4649) evolution-pst-3.28.5-14.el8.x86_64.rpm | Linux |
| Evolution-spamassassin update (ELSA-2020-4649) evolution-spamassassin-3.28.5-14.el8.x86_64.rpm | Linux |
| Openchange update (ELSA-2020-4649) openchange-2.3-26.0.1.el8.i686.rpm | Linux |
| Openchange update (ELSA-2020-4649) openchange-2.3-26.0.1.el8.x86_64.rpm | Linux |
| Low: evolution security and bug fix update bogofilter-1.2.5-2.el8.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234