9.8

CVE-2020-15917

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Claws-mailClaws-mail Version < 3.17.6
FedoraprojectFedora Version31
FedoraprojectFedora Version32
OpensuseBackports Sle Version15.0 Updatesp1
OpensuseBackports Sle Version15.0 Updatesp2
OpensuseLeap Version15.1
OpensuseLeap Version15.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.59% 0.833
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html
Third Party Advisory
Broken Link
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html
Third Party Advisory
Broken Link
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html
Third Party Advisory
Broken Link
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html
Third Party Advisory
Broken Link
Mailing List
https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES
https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=fcc25329049b6f9bd8d890f1197ed61eb12e14d5
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/
https://security.gentoo.org/glsa/202007-56
Third Party Advisory