CVE-2020-15953
Summary
| CVE | CVE-2020-15953 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-27 07:15:00 UTC |
| Updated | 2023-11-07 03:17:00 UTC |
| Description | LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [security-announce] openSUSE-SU-2020:1505-1: moderate: Security update f |
SUSE |
lists.opensuse.org |
|
| Buffering issues with STARTTLS in IMAP · Issue #386 · dinhvh/libetpan · GitHub |
MISC |
github.com |
Exploit, Patch, Third Party Advisory |
| libetpan: Improper STARTTLS handling (GLSA 202007-55) — Gentoo security |
GENTOO |
security.gentoo.org |
Third Party Advisory |
| [security-announce] openSUSE-SU-2020:1454-1: moderate: Security update f |
SUSE |
lists.opensuse.org |
|
| [SECURITY] [DLA 2329-1] libetpan security update |
MLIST |
lists.debian.org |
|
| [SECURITY] Fedora 31 Update: libetpan-1.9.3-3.fc31 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 32 Update: libetpan-1.9.4-4.fc32 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 31 Update: libetpan-1.9.3-3.fc31 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 32 Update: libetpan-1.9.4-4.fc32 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 501598 Alpine Linux Security Update for libetpan