Vulnerability CVE-2020-16117

Vulnerability Name:

CVE-2020-16117 (CCN-186098)

Assigned:

2020-02-09

Published:

2020-02-09

Updated:

2020-08-11

Summary:

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

5.9 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.3 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-476

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-16117

Source: XF
Type: UNKNOWN
evolutiondataserver-cve202016117-dos(186098)

Source: CCN
Type: Evolution Data Server GIT Repository
evolution-data-server

Source: MISC
Type: Patch, Vendor Advisory
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5

Source: MISC
Type: Release Notes, Vendor Advisory
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7

Source: CCN
Type: GNOME GIT Repository
Crash on malformed server response with minimal capabilities

Source: MISC
Type: Exploit, Vendor Advisory
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189

Source: MLIST
Type: Third Party Advisory
[debian-lts-announce] 20200802 [SECURITY] [DLA 2309-1] evolution-data-server security update

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnome:evolution-data-server:*:*:*:*:*:*:*:* (Version < 3.35.91)

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:656	P	Security update for protobuf (Moderate) (in QA)	2022-10-06
oval:org.opensuse.security:def:3555	P	libXdmcp6-1.1.1-12.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95185	P	evolution-data-server-3.42.4-150400.1.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:5992	P	Security update for zlib (Important)	2022-03-29
oval:org.opensuse.security:def:102253	P	Security update for cyrus-sasl (Important)	2022-03-07
oval:org.opensuse.security:def:102250	P	Security update for python-Twisted (Important)	2022-02-18
oval:org.opensuse.security:def:112203	P	evolution-data-server-3.40.4-1.4 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105734	P	evolution-data-server-3.40.4-1.4 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:2379	P	evolution-data-server-3.34.4-3.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63468	P	evolution-data-server-3.34.4-3.3.1 on GA media (Moderate)	2021-08-10
oval:com.redhat.rhsa:def:20211752	P	RHSA-2021:1752: evolution security, bug fix, and enhancement update (Low)	2021-05-18
oval:org.opensuse.security:def:5989	P	Security update for zabbix (Moderate)	2021-03-30
oval:org.opensuse.security:def:111294	P	Security update for evolution-data-server (Moderate)	2021-03-27
oval:org.opensuse.security:def:67078	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:108919	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:95540	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:119815	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:103009	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:67081	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:10675	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:109675	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:97342	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:96337	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:70815	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:76146	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:97345	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:108916	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:95537	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:76149	P	Security update for evolution-data-server (Moderate)	2021-03-24
oval:org.opensuse.security:def:61114	P	Security update for evolution-data-server (Moderate)	2021-03-19
oval:org.opensuse.security:def:35292	P	Security update for evolution-data-server (Moderate)	2021-03-19
oval:org.opensuse.security:def:5200	P	Security update for evolution-data-server (Moderate)	2021-03-19
oval:org.opensuse.security:def:61115	P	Security update for evolution-data-server (Moderate)	2021-03-19
oval:org.opensuse.security:def:26213	P	Security update for evolution-data-server (Moderate)	2021-03-19
oval:org.opensuse.security:def:6321	P	Security update for evolution-data-server (Moderate)	2021-03-19
oval:org.opensuse.security:def:35291	P	Security update for evolution-data-server (Moderate)	2021-03-19
oval:org.opensuse.security:def:6322	P	Security update for evolution-data-server (Moderate)	2021-03-19

BACK