CVE-2020-16118

Summary

CVE	CVE-2020-16118
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-07-29 18:15:00 UTC
Updated	2023-02-03 16:24:00 UTC
Description	In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gnome	Balsa	All	All	All	All
Application	Gnome	Balsa	All	All	All	All
Application	Opensuse	Backports Sle	15.0	sp1	All	All
Operating System	Opensuse	Leap	15.1	All	All	All

References

Reference	Source	Link	Tags
crash due to null pointer access when imap server sends early preauth (#23) · Issues · GNOME / balsa · GitLab	MISC	gitlab.gnome.org	Exploit, Third Party Advisory
[security-announce] openSUSE-SU-2020:1207-1: moderate: Security update f	SUSE	lists.opensuse.org
[security-announce] openSUSE-SU-2020:1230-1: moderate: Security update f	SUSE	lists.opensuse.org
imap-handle: Do not crash on PREAUTH greeting (4e245d75) · Commits · GNOME / balsa · GitLab	MISC	gitlab.gnome.org	Patch, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.