PT-2020-14711 · Claws Mail Team+2 · Claws Mail+2

Published

2020-07-14

Updated

2024-06-15

CVE-2020-15917

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Claws Mail versions prior to 3.17.6

Description The issue is related to a protocol violation in the handling of suffix data after STARTTLS. This occurs due to a mishandling in the common/session.c file of Claws Mail.

Recommendations For versions prior to 3.17.6, update to version 3.17.6 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2020-2364

ALT-PU-2020-2903

CVE-2020-15917

MGASA-2020-0321

OPENSUSE-SU-2020:1116-1

OPENSUSE-SU-2020:1139-1

OPENSUSE-SU-2020:1192-1

OPENSUSE-SU-2020:1269-1

OPENSUSE-SU-2020:1822-1

OPENSUSE-SU-2020_1116-1

OPENSUSE-SU-2020_1139-1

OPENSUSE-SU-2020_1822-1

OPENSUSE-SU-2021:1045-1

OPENSUSE-SU-2021_1045-1

OPENSUSE-SU-2024:10686-1

Affected Products

Alt Linux

Claws Mail

Suse

PT-2020-14711 · Claws Mail Team+2 · Claws Mail+2

CVE-2020-15917

Related Identifiers

Affected Products

References · 42