vulnerability

Alma Linux: CVE-2020-14928: Low: evolution security and bug fix update (ALSA-2020-4649)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jul 17, 2020	May 4, 2022	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 17, 2020

Added

May 4, 2022

Modified

Aug 11, 2025

Description

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

Solutions

alma-upgrade-bogofilteralma-upgrade-evolution-data-server-docalma-upgrade-evolution-data-server-perlalma-upgrade-evolution-data-server-testsalma-upgrade-evolution-devel

References

CVE-2020-14928
https://attackerkb.com/topics/CVE-2020-14928
CWE-74
URL-https://errata.almalinux.org/8/ALSA-2020-4649.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today