CVE-2020-14928

Published: 17/07/2020 | Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector (CVSS v2): AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

evolution-data-server (eds) up to and including 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
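
The buffering flaw described above, reduced to an in-memory simulation. This is an added example, not code from evolution-data-server; the class, the function, the `strict` flag and the sample bytes are constructed, and the strict check is one common mitigation rather than a description of the upstream fix.

```python
# Simulation only: in-memory "network reads", no sockets and no real TLS.
# All names and sample data below are constructed for illustration.

class BufferedReader:
    """Line reader that may hold more bytes than it has handed out."""

    def __init__(self, chunks):
        self.chunks = list(chunks)  # bytes per network read, in arrival order
        self.buf = b""

    def readline(self):
        while b"\r\n" not in self.buf:
            if not self.chunks:
                raise EOFError("connection closed")
            self.buf += self.chunks.pop(0)
        line, self.buf = self.buf.split(b"\r\n", 1)
        return line.decode("ascii")


def starttls(reader, strict):
    """Process the reply to STARTTLS; return lines later treated as post-TLS."""
    reply = reader.readline()
    if not reply.startswith("220"):
        raise ConnectionError("STARTTLS refused: " + reply)
    if strict and reader.buf:
        # Anything buffered here arrived before the handshake: it is plaintext
        # that an on-path party could have appended. Refuse to continue.
        raise ConnectionError("unexpected plaintext after STARTTLS reply")
    # A real client performs the TLS handshake at this point.
    trusted = []
    while b"\r\n" in reader.buf:
        # Non-strict path: stale plaintext is read as if it came over TLS.
        trusted.append(reader.readline())
    return trusted


# Constructed sample: one read delivers the "begin TLS" reply plus an extra line.
TAMPERED = [b"220 Ready to start TLS\r\n250 constructed-extra-line\r\n"]
CLEAN = [b"220 Ready to start TLS\r\n"]

if __name__ == "__main__":
    print("non-strict:", starttls(BufferedReader(TAMPERED), strict=False))
    try:
        starttls(BufferedReader(TAMPERED), strict=True)
    except ConnectionError as exc:
        print("strict:", exc)
    print("clean:", starttls(BufferedReader(CLEAN), strict=True))
```

The same check applies to POP3, where the "begin TLS" reply is `+OK` instead of `220`.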

Vulnerable Product

gnome evolution-data-server

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 31

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

Vendor Advisories

Synopsis: Low: evolution security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update for bogofilter, evolution, evolution-data-server, evolution-mapi, and openchange is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact ...

Damian Poddebniak and Fabian Ising discovered a response injection vulnerability in Evolution data server, which could enable MITM attacks. For the stable distribution (buster), this problem has been fixed in version 3305-1+deb10u1. We recommend that you upgrade your evolution-data-server packages. For the detailed security status of evolution-da ...