#VU45886 NULL pointer dereference in Debian Linux - CVE-2020-16117

Cybersecurity Help s.r.o.

Published: 2020-07-29 | Updated: 2020-08-21

Vulnerability identifier: #VU45886

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-16117

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Debian Linux
Operating systems & Components / Operating system

Vendor: Debian

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server. A remote attacker can perform a denial of service (DoS) attack.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Debian Linux: 9.0

External links
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189
https://lists.debian.org/debian-lts-announce/2020/08/msg00005.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler update for evolution-data-server

Red Hat Enterprise Linux 8 update for evolution

SUSE update for evolution-data-server

NULL pointer dereference in Debian Linux