PT-2020-14758 · Gnome+1 · Gnome Balsa+1

Published: 2020-07-29 · Updated: 2023-02-03 · CVE-2020-16118

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNOME Balsa versions prior to 2.6.0

Description

A malicious server operator or man in the middle can trigger a NULL pointer dereference and crash the client by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.

Recommendations

Update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted servers to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

CVE-2020-16118
OPENSUSE-SU-2020:1207-1
OPENSUSE-SU-2020:1230-1
OPENSUSE-SU-2020_1207-1

Affected Products

Gnome Balsa
Suse