CVE-2020-16117
Description
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.454
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-3.28.5-16.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-bogofilter-3.28.5-16.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-data-server-3.28.5-15.el8.i686.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-data-server-3.28.5-15.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-data-server-debugsource-3.28.5-15.el8.i686.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-data-server-debugsource-3.28.5-15.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-data-server-devel-3.28.5-15.el8.i686.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-data-server-devel-3.28.5-15.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-data-server-langpacks-3.28.5-15.el8.noarch.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-debugsource-3.28.5-16.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-ews-3.28.5-10.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-ews-debugsource-3.28.5-10.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-ews-langpacks-3.28.5-10.el8.noarch.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-help-3.28.5-16.el8.noarch.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-langpacks-3.28.5-16.el8.noarch.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-pst-3.28.5-16.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752) evolution security, bug fix, and enhancement update evolution-spamassassin-3.28.5-16.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752)Low: security, bug fix, and enhancement update evolution-bogofilter-debuginfo-3.28.5-16.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752)Low: security, bug fix, and enhancement update evolution-data-server-debuginfo-3.28.5-15.el8.i686.rpm | Linux |
| (RHSA-2021:1752)Low: security, bug fix, and enhancement update evolution-data-server-debuginfo-3.28.5-15.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752)Low: security, bug fix, and enhancement update evolution-data-server-tests-debuginfo-3.28.5-15.el8.i686.rpm | Linux |
| (RHSA-2021:1752)Low: security, bug fix, and enhancement update evolution-data-server-tests-debuginfo-3.28.5-15.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752)Low: security, bug fix, and enhancement update evolution-debuginfo-3.28.5-16.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752)Low: security, bug fix, and enhancement update evolution-ews-debuginfo-3.28.5-10.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752)Low: security, bug fix, and enhancement update evolution-pst-debuginfo-3.28.5-16.el8.x86_64.rpm | Linux |
| (RHSA-2021:1752)Low: security, bug fix, and enhancement update evolution-spamassassin-debuginfo-3.28.5-16.el8.x86_64.rpm | Linux |
| Evolution update (ELSA-2021-1752) evolution-3.28.5-16.el8.x86_64.rpm | Linux |
| Evolution-bogofilter update (ELSA-2021-1752) evolution-bogofilter-3.28.5-16.el8.x86_64.rpm | Linux |
| Evolution-data-server update (ELSA-2021-1752) evolution-data-server-3.28.5-15.el8.i686.rpm | Linux |
| Evolution-data-server update (ELSA-2021-1752) evolution-data-server-3.28.5-15.el8.x86_64.rpm | Linux |
| Evolution-data-server-devel update (ELSA-2021-1752) evolution-data-server-devel-3.28.5-15.el8.i686.rpm | Linux |
| Evolution-data-server-devel update (ELSA-2021-1752) evolution-data-server-devel-3.28.5-15.el8.x86_64.rpm | Linux |
| Evolution-data-server-langpacks update (ELSA-2021-1752) evolution-data-server-langpacks-3.28.5-15.el8.noarch.rpm | Linux |
| Evolution-ews update (ELSA-2021-1752) evolution-ews-3.28.5-10.el8.x86_64.rpm | Linux |
| Evolution-ews-langpacks update (ELSA-2021-1752) evolution-ews-langpacks-3.28.5-10.el8.noarch.rpm | Linux |
| Evolution-help update (ELSA-2021-1752) evolution-help-3.28.5-16.el8.noarch.rpm | Linux |
| Evolution-langpacks update (ELSA-2021-1752) evolution-langpacks-3.28.5-16.el8.noarch.rpm | Linux |
| Evolution-pst update (ELSA-2021-1752) evolution-pst-3.28.5-16.el8.x86_64.rpm | Linux |
| Evolution-spamassassin update (ELSA-2021-1752) evolution-spamassassin-3.28.5-16.el8.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234