Vulnerabilities > CVE-2020-16118 - NULL Pointer Dereference vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

gnome

opensuse

CWE-476

NVD

Published: 2020-07-29

Updated: 2023-02-03

Summary

In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.

Vulnerable Configurations

Part	Description	Count
Application	Gnome Gnome Balsa 2.5.0 Gnome Balsa 2.5.1 Gnome Balsa 2.5.3 Gnome Balsa 2.5.5 Gnome Balsa 2.5.6 Gnome Balsa 2.5.7 Gnome Balsa 2.5.8 Gnome Balsa 2.5.11	8
Application	Opensuse Opensuse Backports SLE 15.0	1
OS	Opensuse Opensuse Leap 15.1	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1c826a01080d40c22ca8706f0339e5
https://gitlab.gnome.org/GNOME/balsa/-/issues/23
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00045.html