CVE-2020-16118: Null Pointer Dereference
First published: Wed Jul 29 2020(Updated: )
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME Balsa | <2.6.0 | |
| openSUSE Backports SLE | =15.0-sp1 | |
| openSUSE Leap | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-16118?
CVE-2020-16118 is a vulnerability in GNOME Balsa before version 2.6.0 that allows a malicious server operator or man-in-the-middle to trigger a NULL pointer dereference and crash the client.
How can a malicious server operator or man-in-the-middle exploit CVE-2020-16118?
A malicious server operator or man-in-the-middle can exploit CVE-2020-16118 by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
What is the severity of CVE-2020-16118?
CVE-2020-16118 has a severity rating of 7.5 (high).
Which software versions are affected by CVE-2020-16118?
GNOME Balsa versions before 2.6.0, openSUSE Backports SLE 15.0-sp1, and openSUSE Leap 15.1 are affected by CVE-2020-16118.
How can I fix CVE-2020-16118?
To fix CVE-2020-16118, it is recommended to update to GNOME Balsa version 2.6.0 or later.
- collector/nvd-index
- vendor/gnome
- canonical/gnome balsa
- vendor/opensuse
- canonical/opensuse backports sle
- version/opensuse backports sle/15.0-sp1
- canonical/opensuse leap
- version/opensuse leap/15.1