vulnerability

Red Hat: CVE-2020-16117: CVE-2020-16117 evolution-data-server: NULL pointer dereference related to imapx_free_capability and imapx_connect_to_server (Multiple Advisories)

Try Surface Command
Back to search
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Jul 29, 2020
Added
May 21, 2021
Modified
Aug 11, 2025

Description

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

Solutions

no-fix-redhat-rpm-packageredhat-upgrade-evolutionredhat-upgrade-evolution-bogofilterredhat-upgrade-evolution-bogofilter-debuginforedhat-upgrade-evolution-data-serverredhat-upgrade-evolution-data-server-debuginforedhat-upgrade-evolution-data-server-debugsourceredhat-upgrade-evolution-data-server-develredhat-upgrade-evolution-data-server-docredhat-upgrade-evolution-data-server-langpacksredhat-upgrade-evolution-data-server-perlredhat-upgrade-evolution-data-server-testsredhat-upgrade-evolution-data-server-tests-debuginforedhat-upgrade-evolution-debuginforedhat-upgrade-evolution-debugsourceredhat-upgrade-evolution-develredhat-upgrade-evolution-ewsredhat-upgrade-evolution-ews-debuginforedhat-upgrade-evolution-ews-debugsourceredhat-upgrade-evolution-ews-langpacksredhat-upgrade-evolution-helpredhat-upgrade-evolution-langpacksredhat-upgrade-evolution-pstredhat-upgrade-evolution-pst-debuginforedhat-upgrade-evolution-spamassassinredhat-upgrade-evolution-spamassassin-debuginfo

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today