evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 05:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.suse.com/show_bug.cgi?id=1173910 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df - Patch, Third Party Advisory | |
References | () https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac - Patch, Third Party Advisory | |
References | () https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226 - Exploit, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/ - | |
References | () https://security-tracker.debian.org/tracker/DLA-2281-1 - Third Party Advisory | |
References | () https://security-tracker.debian.org/tracker/DSA-4725-1 - Third Party Advisory | |
References | () https://usn.ubuntu.com/4429-1/ - Third Party Advisory | |
References | () https://www.debian.org/security/2020/dsa-4725 - Third Party Advisory |
Information
Published : 2020-07-17 16:15
Updated : 2024-11-21 05:04
NVD link : CVE-2020-14928
Mitre link : CVE-2020-14928
CVE.ORG link : CVE-2020-14928
JSON object : View
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
gnome
- evolution-data-server
fedoraproject
- fedora
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')