CVE-2020-16117

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
gnomeevolution-data-server
𝑥
< 3.35.91
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
evolution-data-server
bookworm
3.46.4-2
fixed
bullseye
3.38.3-1+deb11u2
fixed
sid
3.54.1-1
fixed
trixie
3.54.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
evolution-data-server
bionic
needs-triage
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
evolution-data-server
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
evolution-data-server-devel
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
evolution-data-server-lang
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
evolution-ews
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
evolution-ews-lang
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
libcamel-1_2-62
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP5
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP6
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP7
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP5
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP6
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP7
3.34.4-3.3.1
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.34.4-3.3.1
fixed
suse enterprise server 15 SP5
3.34.4-3.3.1
fixed
suse enterprise server 15 SP6
3.34.4-3.3.1
fixed
suse enterprise server 15 SP7
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP5
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP6
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP7
3.34.4-3.3.1
fixed
libcamel-1_2-63
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
libebackend-1_2-10
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
libebook-1_2-20
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
libebook-contacts-1_2-3
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
libecal-2_0-1
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
libedata-book-1_2-26
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
libedata-cal-2_0-1
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
libedataserver-1_2-24
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP5
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP6
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP7
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP5
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP6
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP7
3.34.4-3.3.1
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.34.4-3.3.1
fixed
suse enterprise server 15 SP5
3.34.4-3.3.1
fixed
suse enterprise server 15 SP6
3.34.4-3.3.1
fixed
suse enterprise server 15 SP7
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP5
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP6
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP7
3.34.4-3.3.1
fixed
libedataserver-1_2-26
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
libedataserverui-1_2-2
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
libedataserverui-1_2-3
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
typelib-1_0-Camel-1_2
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
typelib-1_0-EBook-1_2
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
typelib-1_0-EBookContacts-1_2
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
typelib-1_0-ECal-2_0
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
typelib-1_0-EDataServer-1_2
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
typelib-1_0-EDataServerUI-1_2
suse enterprise desktop 15 SP2
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP3
3.34.4-3.3.1
fixed
suse enterprise desktop 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise sap 15 SP2
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP3
3.34.4-3.3.1
fixed
suse enterprise sap 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise server 15 SP2
3.34.4-3.3.1
fixed
suse enterprise server 15 SP3
3.34.4-3.3.1
fixed
suse enterprise server 15 SP4
3.42.4-150400.1.7
fixed
suse enterprise workstation 15 SP2
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP3
3.34.4-3.3.1
fixed
suse enterprise workstation 15 SP4
3.42.4-150400.1.7
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
evolution
RHEL 8
0:3.28.5-16.el8
fixed
evolution-bogofilter
RHEL 8
0:3.28.5-16.el8
fixed
evolution-data-server
RHEL 8
0:3.28.5-15.el8
fixed
evolution-data-server-devel
RHEL 8
0:3.28.5-15.el8
fixed
evolution-data-server-doc
RHEL 8
0:3.28.5-15.el8
fixed
evolution-data-server-langpacks
RHEL 8
0:3.28.5-15.el8
fixed
evolution-data-server-perl
RHEL 8
0:3.28.5-15.el8
fixed
evolution-data-server-tests
RHEL 8
0:3.28.5-15.el8
fixed
evolution-devel
RHEL 8
0:3.28.5-16.el8
fixed
evolution-ews
RHEL 8
0:3.28.5-10.el8
fixed
evolution-ews-langpacks
RHEL 8
0:3.28.5-10.el8
fixed
evolution-help
RHEL 8
0:3.28.5-16.el8
fixed
evolution-langpacks
RHEL 8
0:3.28.5-16.el8
fixed
evolution-pst
RHEL 8
0:3.28.5-16.el8
fixed
evolution-spamassassin
RHEL 8
0:3.28.5-16.el8
fixed
Common Weakness Enumeration
References
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189
https://lists.debian.org/debian-lts-announce/2020/08/msg00005.html
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189
https://lists.debian.org/debian-lts-announce/2020/08/msg00005.html