Unrated severity · NVD Advisory · Published Jul 17, 2020 · Updated Aug 4, 2024
CVE-2020-14928
Description
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
Affected products
- evolution-data-server/evolution-data-server (description)
  - Range: <=3.36.3
- osv-coords (12 versions)
  - pkg:rpm/almalinux/bogofilter (no CPE), range: < 1.2.5-2.el8
  - pkg:rpm/almalinux/evolution-data-server-doc (no CPE), range: < 3.28.5-14.el8
  - pkg:rpm/almalinux/evolution-data-server-perl (no CPE), range: < 3.28.5-14.el8
  - pkg:rpm/almalinux/evolution-data-server-tests (no CPE), range: < 3.28.5-14.el8
  - pkg:rpm/almalinux/evolution-devel (no CPE), range: < 3.28.5-14.el8
  - pkg:rpm/opensuse/evolution-data-server&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 3.34.4-lp152.2.3.1
  - pkg:rpm/opensuse/evolution-data-server&distro=openSUSE%20Tumbleweed (no CPE), range: < 3.40.4-1.4
  - pkg:rpm/opensuse/evolution-ews&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 3.34.4-lp152.2.3.1
  - pkg:rpm/suse/evolution-data-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 3.22.7-18.7.1
  - pkg:rpm/suse/evolution-data-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 (no CPE), range: < 3.20.6-17.3.1
  - pkg:rpm/suse/evolution-data-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2 (no CPE), range: < 3.34.4-3.3.1
  - pkg:rpm/suse/evolution-ews&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2 (no CPE), range: < 3.34.4-3.3.1
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/ (mitre, vendor-advisory, x_refsource_FEDORA)
- usn.ubuntu.com/4429-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2020/dsa-4725 (mitre, vendor-advisory, x_refsource_DEBIAN)
- bugzilla.suse.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df (mitre, x_refsource_CONFIRM)
- gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac (mitre, x_refsource_CONFIRM)
- gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2020/07/msg00012.html (mitre, x_refsource_CONFIRM)
- security-tracker.debian.org/tracker/DLA-2281-1 (mitre, x_refsource_CONFIRM)
- security-tracker.debian.org/tracker/DSA-4725-1 (mitre, x_refsource_CONFIRM)