vulnerability

Rocky Linux: CVE-2020-14928: evolution (RLSA-2020-4649)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jul 17, 2020	Mar 12, 2024	Aug 13, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 17, 2020

Added

Mar 12, 2024

Modified

Aug 13, 2025

Description

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

Solutions

rocky-upgrade-bogofilterrocky-upgrade-bogofilter-debuginforocky-upgrade-bogofilter-debugsourcerocky-upgrade-evolution-mapirocky-upgrade-evolution-mapi-debuginforocky-upgrade-evolution-mapi-debugsource

References

CVE-2020-14928
https://attackerkb.com/topics/CVE-2020-14928
CWE-74
URL-https://errata.rockylinux.org/RLSA-2020:4649

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today