vulnerability
Oracle Linux: CVE-2020-16117: ELSA-2021-1752: evolution security, bug fix, and enhancement update (LOW) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:H/Au:N/C:N/I:N/A:C) | Jul 30, 2020 | May 26, 2021 | Nov 22, 2024 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:N/I:N/A:C)
Published
Jul 30, 2020
Added
May 26, 2021
Modified
Nov 22, 2024
Description
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.
A NULL pointer dereference flaw was found in the GNOME evolution-data-server when a mail client parses invalid messages from a malicious server. This flaw allows an attacker who controls a mail server the ability to crash the mail clients. The highest threat from this vulnerability is to system availability.
A NULL pointer dereference flaw was found in the GNOME evolution-data-server when a mail client parses invalid messages from a malicious server. This flaw allows an attacker who controls a mail server the ability to crash the mail clients. The highest threat from this vulnerability is to system availability.
Solution(s)
oracle-linux-upgrade-evolutionoracle-linux-upgrade-evolution-bogofilteroracle-linux-upgrade-evolution-data-serveroracle-linux-upgrade-evolution-data-server-develoracle-linux-upgrade-evolution-data-server-docoracle-linux-upgrade-evolution-data-server-langpacksoracle-linux-upgrade-evolution-data-server-perloracle-linux-upgrade-evolution-data-server-testsoracle-linux-upgrade-evolution-develoracle-linux-upgrade-evolution-ewsoracle-linux-upgrade-evolution-ews-langpacksoracle-linux-upgrade-evolution-helporacle-linux-upgrade-evolution-langpacksoracle-linux-upgrade-evolution-pstoracle-linux-upgrade-evolution-spamassassin

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.