vulnerability

Oracle Linux: CVE-2020-16117: ELSA-2021-1752: evolution security, bug fix, and enhancement update (LOW) (Multiple Advisories)

Try Surface Command
Back to search
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:N/I:N/A:C)
Published
2020-07-30
Added
2021-05-26
Modified
2024-11-22

Description

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.
A NULL pointer dereference flaw was found in the GNOME evolution-data-server when a mail client parses invalid messages from a malicious server. This flaw allows an attacker who controls a mail server the ability to crash the mail clients. The highest threat from this vulnerability is to system availability.

Solution(s)

oracle-linux-upgrade-evolutionoracle-linux-upgrade-evolution-bogofilteroracle-linux-upgrade-evolution-data-serveroracle-linux-upgrade-evolution-data-server-develoracle-linux-upgrade-evolution-data-server-docoracle-linux-upgrade-evolution-data-server-langpacksoracle-linux-upgrade-evolution-data-server-perloracle-linux-upgrade-evolution-data-server-testsoracle-linux-upgrade-evolution-develoracle-linux-upgrade-evolution-ewsoracle-linux-upgrade-evolution-ews-langpacksoracle-linux-upgrade-evolution-helporacle-linux-upgrade-evolution-langpacksoracle-linux-upgrade-evolution-pstoracle-linux-upgrade-evolution-spamassassin

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today