Vulnerability Details CVE-2020-14928
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.064
EPSS Ranking 90.6%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- https://bugzilla.suse.com/show_bug.cgi?id=1173910
- https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
- https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac
- https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
- https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/
- https://security-tracker.debian.org/tracker/DLA-2281-1
- https://security-tracker.debian.org/tracker/DSA-4725-1
- https://usn.ubuntu.com/4429-1/
- https://www.debian.org/security/2020/dsa-4725
- https://bugzilla.suse.com/show_bug.cgi?id=1173910
- https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
- https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac
- https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
- https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/
- https://security-tracker.debian.org/tracker/DLA-2281-1
- https://security-tracker.debian.org/tracker/DSA-4725-1
- https://usn.ubuntu.com/4429-1/
- https://www.debian.org/security/2020/dsa-4725
Products affected by CVE-2020-14928
-
cpe:2.3:a:gnome:evolution-data-server:-
-
cpe:2.3:a:gnome:evolution-data-server:3.22.0
-
cpe:2.3:a:gnome:evolution-data-server:3.22.1
-
cpe:2.3:a:gnome:evolution-data-server:3.22.2
-
cpe:2.3:a:gnome:evolution-data-server:3.22.3
-
cpe:2.3:a:gnome:evolution-data-server:3.22.4
-
cpe:2.3:a:gnome:evolution-data-server:3.22.5
-
cpe:2.3:a:gnome:evolution-data-server:3.22.6
-
cpe:2.3:a:gnome:evolution-data-server:3.22.7
-
cpe:2.3:a:gnome:evolution-data-server:3.23.1
-
cpe:2.3:a:gnome:evolution-data-server:3.23.2
-
cpe:2.3:a:gnome:evolution-data-server:3.23.3
-
cpe:2.3:a:gnome:evolution-data-server:3.23.4
-
cpe:2.3:a:gnome:evolution-data-server:3.23.90
-
cpe:2.3:a:gnome:evolution-data-server:3.23.91
-
cpe:2.3:a:gnome:evolution-data-server:3.23.92
-
cpe:2.3:a:gnome:evolution-data-server:3.24.0
-
cpe:2.3:a:gnome:evolution-data-server:3.24.1
-
cpe:2.3:a:gnome:evolution-data-server:3.24.2
-
cpe:2.3:a:gnome:evolution-data-server:3.24.3
-
cpe:2.3:a:gnome:evolution-data-server:3.24.4
-
cpe:2.3:a:gnome:evolution-data-server:3.24.5
-
cpe:2.3:a:gnome:evolution-data-server:3.24.6
-
cpe:2.3:a:gnome:evolution-data-server:3.24.7
-
cpe:2.3:a:gnome:evolution-data-server:3.25.1
-
cpe:2.3:a:gnome:evolution-data-server:3.25.2
-
cpe:2.3:a:gnome:evolution-data-server:3.25.3
-
cpe:2.3:a:gnome:evolution-data-server:3.25.4
-
cpe:2.3:a:gnome:evolution-data-server:3.25.90
-
cpe:2.3:a:gnome:evolution-data-server:3.25.91
-
cpe:2.3:a:gnome:evolution-data-server:3.25.92
-
cpe:2.3:a:gnome:evolution-data-server:3.26.0
-
cpe:2.3:a:gnome:evolution-data-server:3.26.1
-
cpe:2.3:a:gnome:evolution-data-server:3.26.2
-
cpe:2.3:a:gnome:evolution-data-server:3.26.2.1
-
cpe:2.3:a:gnome:evolution-data-server:3.26.3
-
cpe:2.3:a:gnome:evolution-data-server:3.26.4
-
cpe:2.3:a:gnome:evolution-data-server:3.26.5
-
cpe:2.3:a:gnome:evolution-data-server:3.26.6
-
cpe:2.3:a:gnome:evolution-data-server:3.27.1
-
cpe:2.3:a:gnome:evolution-data-server:3.27.2
-
cpe:2.3:a:gnome:evolution-data-server:3.27.3
-
cpe:2.3:a:gnome:evolution-data-server:3.27.4
-
cpe:2.3:a:gnome:evolution-data-server:3.27.90
-
cpe:2.3:a:gnome:evolution-data-server:3.27.91
-
cpe:2.3:a:gnome:evolution-data-server:3.27.92
-
cpe:2.3:a:gnome:evolution-data-server:3.28.0
-
cpe:2.3:a:gnome:evolution-data-server:3.28.1
-
cpe:2.3:a:gnome:evolution-data-server:3.28.2
-
cpe:2.3:a:gnome:evolution-data-server:3.28.3
-
cpe:2.3:a:gnome:evolution-data-server:3.28.4
-
cpe:2.3:a:gnome:evolution-data-server:3.28.5
-
cpe:2.3:a:gnome:evolution-data-server:3.29.1
-
cpe:2.3:a:gnome:evolution-data-server:3.29.2
-
cpe:2.3:a:gnome:evolution-data-server:3.29.3
-
cpe:2.3:a:gnome:evolution-data-server:3.29.4
-
cpe:2.3:a:gnome:evolution-data-server:3.29.90
-
cpe:2.3:a:gnome:evolution-data-server:3.29.91
-
cpe:2.3:a:gnome:evolution-data-server:3.29.92
-
cpe:2.3:a:gnome:evolution-data-server:3.30.0
-
cpe:2.3:a:gnome:evolution-data-server:3.30.1
-
cpe:2.3:a:gnome:evolution-data-server:3.30.2
-
cpe:2.3:a:gnome:evolution-data-server:3.30.3
-
cpe:2.3:a:gnome:evolution-data-server:3.30.4
-
cpe:2.3:a:gnome:evolution-data-server:3.30.5
-
cpe:2.3:a:gnome:evolution-data-server:3.31.1
-
cpe:2.3:a:gnome:evolution-data-server:3.31.2
-
cpe:2.3:a:gnome:evolution-data-server:3.31.3
-
cpe:2.3:a:gnome:evolution-data-server:3.31.4
-
cpe:2.3:a:gnome:evolution-data-server:3.31.90
-
cpe:2.3:a:gnome:evolution-data-server:3.31.91
-
cpe:2.3:a:gnome:evolution-data-server:3.31.92
-
cpe:2.3:a:gnome:evolution-data-server:3.32.0
-
cpe:2.3:a:gnome:evolution-data-server:3.32.1
-
cpe:2.3:a:gnome:evolution-data-server:3.32.2
-
cpe:2.3:a:gnome:evolution-data-server:3.32.3
-
cpe:2.3:a:gnome:evolution-data-server:3.32.4
-
cpe:2.3:a:gnome:evolution-data-server:3.32.5
-
cpe:2.3:a:gnome:evolution-data-server:3.33.1
-
cpe:2.3:a:gnome:evolution-data-server:3.33.2
-
cpe:2.3:a:gnome:evolution-data-server:3.33.3
-
cpe:2.3:a:gnome:evolution-data-server:3.33.4
-
cpe:2.3:a:gnome:evolution-data-server:3.33.90
-
cpe:2.3:a:gnome:evolution-data-server:3.33.91
-
cpe:2.3:a:gnome:evolution-data-server:3.33.92
-
cpe:2.3:a:gnome:evolution-data-server:3.34.0
-
cpe:2.3:a:gnome:evolution-data-server:3.34.1
-
cpe:2.3:a:gnome:evolution-data-server:3.34.2
-
cpe:2.3:a:gnome:evolution-data-server:3.34.3
-
cpe:2.3:a:gnome:evolution-data-server:3.34.4
-
cpe:2.3:a:gnome:evolution-data-server:3.35.1
-
cpe:2.3:a:gnome:evolution-data-server:3.35.2
-
cpe:2.3:a:gnome:evolution-data-server:3.35.3
-
cpe:2.3:a:gnome:evolution-data-server:3.35.91
-
cpe:2.3:a:gnome:evolution-data-server:3.35.92
-
cpe:2.3:a:gnome:evolution-data-server:3.36.0
-
cpe:2.3:a:gnome:evolution-data-server:3.36.1
-
cpe:2.3:a:gnome:evolution-data-server:3.36.2
-
cpe:2.3:a:gnome:evolution-data-server:3.36.3
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:20.04
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:31