STARTTLS Buffering Vulnerability in evolution-data-server (eds)

STARTTLS Buffering Vulnerability in evolution-data-server (eds)

CVE-2020-14928 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

Learn more about our Cis Benchmark Audit For Server Software.