{"id":"CVE-2020-14928","details":"evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a \"begin TLS\" response, eds reads additional data that arrived before the TLS handshake and then evaluates it as though it had been received in the TLS context, aka \"response injection.\"","modified":"2026-04-16T00:07:45.584416068Z","published":"2020-07-17T16:15:11.387Z","related":["ALSA-2020:4649","SUSE-SU-2021:0885-1","SUSE-SU-2021:0891-1","SUSE-SU-2021:0949-1","openSUSE-SU-2021:0482-1","openSUSE-SU-2024:10744-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/"},{"type":"FIX","url":"https://bugzilla.suse.com/show_bug.cgi?id=1173910"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac"},{"type":"EVIDENCE","url":"https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/DLA-2281-1"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/DSA-4725-1"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4429-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4725"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/evolution-data-server","events":[{"introduced":"0"},{"fixed":"ba82be72cfd427b5d72ff21f929b3a6d8529c4df"},{"fixed":"f404f33fb01b23903c2bbb16791c7907e457fbac"}]}],"versions":["3.27.4","3.27.90","3.27.91","3.27.92","3.28.0","3.29.1","3.29.2","3.29.3","3.29.4","3.29.90","3.29.91","3.29.92","3.30.0","3.31.1","3.31.2","3.31.3","3.31.4","3.31.90","3.31.91","3.31.92","3.32.0","3.33.1","3.33.2","3.33.3","3.33.4","3.33.90","3.33.91","3.33.92","3.3
4.0","3.35.1","3.35.2","3.35.3","3.35.90","3.35.91","3.35.92","3.36.0","3.36.1","3.36.2","3.36.3","3.37.1","3.37.2","BEFORE_NEW_UI_MERGE","DB_4_1_25_NC","ECALCOMP_ABI_ANCHOR","EDS_MODULES_BASE","EVOLUION_1_5_4","EVOLUTION_0_0","EVOLUTION_0_1","EVOLUTION_0_12","EVOLUTION_0_13","EVOLUTION_0_14","EVOLUTION_0_15","EVOLUTION_0_16","EVOLUTION_0_16_100","EVOLUTION_0_2","EVOLUTION_0_3","EVOLUTION_0_5","EVOLUTION_0_6","EVOLUTION_0_8","EVOLUTION_0_99_0","EVOLUTION_0_99_2","EVOLUTION_1_0_7","EVOLUTION_1_0_8","EVOLUTION_1_1_1","EVOLUTION_1_1_90","EVOLUTION_1_2_0","EVOLUTION_1_2_3","EVOLUTION_1_3_1","EVOLUTION_1_3_2","EVOLUTION_1_3_3","EVOLUTION_1_3_91","EVOLUTION_1_3_92","EVOLUTION_1_4_0","EVOLUTION_1_4_1","EVOLUTION_1_4_2","EVOLUTION_1_4_3","EVOLUTION_1_4_4","EVOLUTION_1_5","EVOLUTION_1_5_1","EVOLUTION_1_5_2","EVOLUTION_1_5_3","EVOLUTION_1_5_5","EVOLUTION_1_5_6","EVOLUTION_1_5_6_1","EVOLUTION_1_5_8","EVOLUTION_1_5_90","EVOLUTION_1_5_91","EVOLUTION_1_5_92","EVOLUTION_1_5_92_1","EVOLUTION_1_5_92_2","EVOLUTION_1_5_93","EVOLUTION_1_5_94","EVOLUTION_1_5_94_1","EVOLUTION_2_0_0","EVOLUTION_2_0_2","EVOLUTION_2_0_3","EVOLUTION_2_0_4","EVOLUTION_2_1_0","EVOLUTION_2_1_1","EVOLUTION_2_1_2","EVOLUTION_2_1_3","EVOLUTION_2_1_3_1","EVOLUTION_2_1_4","EVOLUTION_2_1_5","EVOLUTION_2_31_3_1","EVOLUTION_DATA_SERVER_0_0_2","EVOLUTION_DATA_SERVER_0_0_3","EVOLUTION_DATA_SERVER_0_0_4","EVOLUTION_DATA_SERVER_0_0_5","EVOLUTION_DATA_SERVER_0_0_6","EVOLUTION_DATA_SERVER_0_0_7","EVOLUTION_DATA_SERVER_0_0_90","EVOLUTION_DATA_SERVER_0_0_91","EVOLUTION_DATA_SERVER_0_0_93","EVOLUTION_DATA_SERVER_0_0_96","EVOLUTION_DATA_SERVER_0_0_97","EVOLUTION_DATA_SERVER_0_0_98","EVOLUTION_DATA_SERVER_0_0_99","EVOLUTION_DATA_SERVER_1_11_3","EVOLUTION_DATA_SERVER_1_11_4","EVOLUTION_DATA_SERVER_1_11_5","EVOLUTION_DATA_SERVER_1_11_90","EVOLUTION_DATA_SERVER_1_11_91","EVOLUTION_DATA_SERVER_1_11_92","EVOLUTION_DATA_SERVER_1_1_0","EVOLUTION_DATA_SERVER_1_1_1","EVOLUTION_DATA_SERVER_1_1_2","EVOLUTION_DATA_SERVER_1_1_3","EVOLUTION_DA
TA_SERVER_1_1_4","EVOLUTION_DATA_SERVER_1_1_5","EVOLUTION_DATA_SERVER_1_1_6","EVOLUTION_DATA_SERVER_1_3_1","EVOLUTION_DATA_SERVER_1_3_2","EVOLUTION_DATA_SERVER_1_3_3","EVOLUTION_DATA_SERVER_1_3_3_1","EVOLUTION_DATA_SERVER_1_3_4","EVOLUTION_DATA_SERVER_1_3_5","EVOLUTION_DATA_SERVER_1_3_6","EVOLUTION_DATA_SERVER_1_3_6_1","EVOLUTION_DATA_SERVER_1_3_7","EVOLUTION_DATA_SERVER_1_3_8","EVOLUTION_DATA_SERVER_1_5_1","EVOLUTION_DATA_SERVER_1_5_3","EVOLUTION_DATA_SERVER_1_5_4","EVOLUTION_DATA_SERVER_1_5_5","EVOLUTION_DATA_SERVER_1_5_91","EVOLUTION_DATA_SERVER_1_5_92","EVOLUTION_DATA_SERVER_1_5_9_0","EVOLUTION_DATA_SERVER_1_7_1","EVOLUTION_DATA_SERVER_1_7_2","EVOLUTION_DATA_SERVER_1_7_3","EVOLUTION_DATA_SERVER_1_7_4","EVOLUTION_DATA_SERVER_1_7_90","EVOLUTION_DATA_SERVER_1_7_90_1","EVOLUTION_DATA_SERVER_1_7_91","EVOLUTION_DATA_SERVER_1_7_92","EVOLUTION_DATA_SERVER_1_8_0","EVOLUTION_DATA_SERVER_1_8_1","EVOLUTION_DATA_SERVER_1_9_1","EVOLUTION_DATA_SERVER_1_9_3","EVOLUTION_DATA_SERVER_2_21_1","EVOLUTION_DATA_SERVER_2_21_2","EVOLUTION_DATA_SERVER_2_21_3","EVOLUTION_DATA_SERVER_2_21_4","EVOLUTION_DATA_SERVER_2_21_5","EVOLUTION_DATA_SERVER_2_21_90","EVOLUTION_DATA_SERVER_2_21_91","EVOLUTION_DATA_SERVER_2_22_0","EVOLUTION_DATA_SERVER_2_23_1","EVOLUTION_DATA_SERVER_2_23_2","EVOLUTION_DATA_SERVER_2_23_3","EVOLUTION_DATA_SERVER_2_23_4","EVOLUTION_DATA_SERVER_2_23_5","EVOLUTION_DATA_SERVER_2_23_6","EVOLUTION_DATA_SERVER_2_23_90","EVOLUTION_DATA_SERVER_2_23_91","EVOLUTION_DATA_SERVER_2_25_1","EVOLUTION_DATA_SERVER_2_25_2","EVOLUTION_DATA_SERVER_2_25_3","EVOLUTION_DATA_SERVER_2_25_4","EVOLUTION_DATA_SERVER_2_25_5","EVOLUTION_DATA_SERVER_2_25_90","EVOLUTION_DATA_SERVER_2_25_92","EVOLUTION_DATA_SERVER_2_26_0","EVOLUTION_DATA_SERVER_2_27_2","EVOLUTION_DATA_SERVER_2_27_3","EVOLUTION_DATA_SERVER_2_27_4","EVOLUTION_DATA_SERVER_2_27_5","EVOLUTION_DATA_SERVER_2_27_90","EVOLUTION_DATA_SERVER_2_29_1","EVOLUTION_DATA_SERVER_2_29_2","EVOLUTION_DATA_SERVER_2_29_3","EVOLUTION_DATA_SERVER_2_29_4","EVOLUTIO
N_DATA_SERVER_2_29_5","EVOLUTION_DATA_SERVER_2_29_6","EVOLUTION_DATA_SERVER_2_29_90","EVOLUTION_DATA_SERVER_2_29_91","EVOLUTION_DATA_SERVER_2_29_92","EVOLUTION_DATA_SERVER_2_31_1","EVOLUTION_DATA_SERVER_2_31_2","EVOLUTION_DATA_SERVER_2_31_3","EVOLUTION_DATA_SERVER_2_31_3_1","EVOLUTION_DATA_SERVER_2_31_4","EVOLUTION_DATA_SERVER_2_31_5","EVOLUTION_DATA_SERVER_2_31_6","EVOLUTION_DATA_SERVER_2_31_90","EVOLUTION_DATA_SERVER_2_31_91","EVOLUTION_DATA_SERVER_2_31_92","EVOLUTION_DATA_SERVER_2_91_0","EVOLUTION_DATA_SERVER_2_91_1","EVOLUTION_DATA_SERVER_2_91_2","EVOLUTION_DATA_SERVER_2_91_3","EVOLUTION_DATA_SERVER_2_91_4","EVOLUTION_DATA_SERVER_2_91_5","EVOLUTION_DATA_SERVER_2_91_6","EVOLUTION_DATA_SERVER_2_91_90","EVOLUTION_DATA_SERVER_2_91_91","EVOLUTION_DATA_SERVER_2_91_92","EVOLUTION_DATA_SERVER_3_10_0","EVOLUTION_DATA_SERVER_3_11_1","EVOLUTION_DATA_SERVER_3_11_2","EVOLUTION_DATA_SERVER_3_11_3","EVOLUTION_DATA_SERVER_3_11_4","EVOLUTION_DATA_SERVER_3_11_5","EVOLUTION_DATA_SERVER_3_11_90","EVOLUTION_DATA_SERVER_3_11_91","EVOLUTION_DATA_SERVER_3_11_92","EVOLUTION_DATA_SERVER_3_12_0","EVOLUTION_DATA_SERVER_3_13_1","EVOLUTION_DATA_SERVER_3_13_10","EVOLUTION_DATA_SERVER_3_13_2","EVOLUTION_DATA_SERVER_3_13_3","EVOLUTION_DATA_SERVER_3_13_4","EVOLUTION_DATA_SERVER_3_13_5","EVOLUTION_DATA_SERVER_3_13_6","EVOLUTION_DATA_SERVER_3_13_7","EVOLUTION_DATA_SERVER_3_13_8","EVOLUTION_DATA_SERVER_3_13_9","EVOLUTION_DATA_SERVER_3_13_90","EVOLUTION_DATA_SERVER_3_15_91","EVOLUTION_DATA_SERVER_3_15_92","EVOLUTION_DATA_SERVER_3_16_0","EVOLUTION_DATA_SERVER_3_17_1","EVOLUTION_DATA_SERVER_3_17_2","EVOLUTION_DATA_SERVER_3_17_3","EVOLUTION_DATA_SERVER_3_17_4","EVOLUTION_DATA_SERVER_3_17_90","EVOLUTION_DATA_SERVER_3_17_91","EVOLUTION_DATA_SERVER_3_17_92","EVOLUTION_DATA_SERVER_3_18_0","EVOLUTION_DATA_SERVER_3_19_1","EVOLUTION_DATA_SERVER_3_19_2","EVOLUTION_DATA_SERVER_3_19_3","EVOLUTION_DATA_SERVER_3_19_4","EVOLUTION_DATA_SERVER_3_19_90","EVOLUTION_DATA_SERVER_3_19_91","EVOLUTION_DATA_SERVER_3_19_92","
EVOLUTION_DATA_SERVER_3_1_2","EVOLUTION_DATA_SERVER_3_1_3","EVOLUTION_DATA_SERVER_3_1_3_1","EVOLUTION_DATA_SERVER_3_1_4","EVOLUTION_DATA_SERVER_3_1_5","EVOLUTION_DATA_SERVER_3_1_90","EVOLUTION_DATA_SERVER_3_1_91","EVOLUTION_DATA_SERVER_3_1_92","EVOLUTION_DATA_SERVER_3_20_0","EVOLUTION_DATA_SERVER_3_21_1","EVOLUTION_DATA_SERVER_3_21_2","EVOLUTION_DATA_SERVER_3_21_3","EVOLUTION_DATA_SERVER_3_21_4","EVOLUTION_DATA_SERVER_3_21_90","EVOLUTION_DATA_SERVER_3_21_91","EVOLUTION_DATA_SERVER_3_21_92","EVOLUTION_DATA_SERVER_3_22_0","EVOLUTION_DATA_SERVER_3_23_1","EVOLUTION_DATA_SERVER_3_23_2","EVOLUTION_DATA_SERVER_3_23_3","EVOLUTION_DATA_SERVER_3_23_4","EVOLUTION_DATA_SERVER_3_23_90","EVOLUTION_DATA_SERVER_3_23_91","EVOLUTION_DATA_SERVER_3_23_92","EVOLUTION_DATA_SERVER_3_24_0","EVOLUTION_DATA_SERVER_3_25_1","EVOLUTION_DATA_SERVER_3_25_2","EVOLUTION_DATA_SERVER_3_25_3","EVOLUTION_DATA_SERVER_3_25_4","EVOLUTION_DATA_SERVER_3_25_90","EVOLUTION_DATA_SERVER_3_25_91","EVOLUTION_DATA_SERVER_3_25_92","EVOLUTION_DATA_SERVER_3_26_0","EVOLUTION_DATA_SERVER_3_27_1","EVOLUTION_DATA_SERVER_3_27_2","EVOLUTION_DATA_SERVER_3_27_3","EVOLUTION_DATA_SERVER_3_2_0","EVOLUTION_DATA_SERVER_3_3_1","EVOLUTION_DATA_SERVER_3_3_2","EVOLUTION_DATA_SERVER_3_3_3","EVOLUTION_DATA_SERVER_3_3_4","EVOLUTION_DATA_SERVER_3_3_5","EVOLUTION_DATA_SERVER_3_3_90","EVOLUTION_DATA_SERVER_3_3_91","EVOLUTION_DATA_SERVER_3_3_92","EVOLUTION_DATA_SERVER_3_4_0","EVOLUTION_DATA_SERVER_3_5_1","EVOLUTION_DATA_SERVER_3_5_3","EVOLUTION_DATA_SERVER_3_5_4","EVOLUTION_DATA_SERVER_3_5_5_FIXED","EVOLUTION_DATA_SERVER_3_5_90","EVOLUTION_DATA_SERVER_3_5_91","EVOLUTION_DATA_SERVER_3_5_92","EVOLUTION_DATA_SERVER_3_7_1","EVOLUTION_DATA_SERVER_3_7_2","EVOLUTION_DATA_SERVER_3_7_3","EVOLUTION_DATA_SERVER_3_7_4","EVOLUTION_DATA_SERVER_3_7_5","EVOLUTION_DATA_SERVER_3_7_90","EVOLUTION_DATA_SERVER_3_7_92","EVOLUTION_DATA_SERVER_3_9_1","EVOLUTION_DATA_SERVER_3_9_2","EVOLUTION_DATA_SERVER_3_9_3","EVOLUTION_DATA_SERVER_3_9_4","EVOLUTION_DATA_SERVER_3_
9_5","EVOLUTION_DATA_SERVER_3_9_90","EVOLUTION_DATA_SERVER_3_9_91","EVOLUTION_DATA_SERVER_3_9_92","E_TREE_REWORK_BASE","GNOME_2_16_BRANCHPOINT","GNOME_MEDIA_1_2_2","GNOME_PRINT_0_24","INITIAL","LWE_2001_01","V0_0_1","backend-split-branch-merge-start","before-camel-mt","before-eds-merge","caldav-branchpoint","eds-1-0-1-merge-start","eds-1-2-1-merge-start","evolution-2-0-1-merge","evolution-2-0-1-merge-start","gnome-2-10-base","gnome-2-8-base","mmapped-camel-summary-branchpoint","new-calendar-branch-before-create-modify","new-calendar-branch-merge-end","new-calendar-branch-start","new-parser-anchor","new-ui-branch-merge-end","new-ui-branch-merge-start","notzed-disksummary-branchpoint","notzed-eplugin-2-merge","notzed-messageinfo-branchpoint","spam-filtering-start","toshok-libmimedir-base"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14928.json","vanir_signatures":[{"signature_version":"v1","id":"CVE-2020-14928-06b91b00","signature_type":"Function","target":{"function":"connect_to_server","file":"src/camel/providers/pop3/camel-pop3-store.c"},"deprecated":false,"digest":{"length":2674,"function_hash":"191466675488590993705201311477623422795"},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@ba82be72cfd427b5d72ff21f929b3a6d8529c4df"},{"signature_version":"v1","id":"CVE-2020-14928-15877e64","signature_type":"Line","target":{"file":"src/camel/providers/smtp/camel-smtp-transport.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["88811326310142647714676084967060802531","233058444095276551268480870019437245082","87833723440427189052487113379568843383","239470605046030276584359078389400509066"]},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@f404f33fb01b23903c2bbb16791c7907e457fbac"},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"src/camel/providers/pop3/camel-pop3-stream.h"},"id":"CVE-2020-14928-1f5cda8f","digest":{"threshold":0
.9,"line_hashes":["199493910500933765285989127410700280543","304399716984885611769796334484523229609","204210384105609217637402259819136612502"]},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@f404f33fb01b23903c2bbb16791c7907e457fbac"},{"signature_version":"v1","id":"CVE-2020-14928-273be049","signature_type":"Function","target":{"function":"connect_to_server","file":"src/camel/providers/smtp/camel-smtp-transport.c"},"deprecated":false,"digest":{"length":3722,"function_hash":"272762691641719020593453431005942035644"},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@ba82be72cfd427b5d72ff21f929b3a6d8529c4df"},{"signature_version":"v1","id":"CVE-2020-14928-4192f53f","signature_type":"Function","target":{"function":"connect_to_server","file":"src/camel/providers/pop3/camel-pop3-store.c"},"deprecated":false,"digest":{"length":2674,"function_hash":"191466675488590993705201311477623422795"},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@f404f33fb01b23903c2bbb16791c7907e457fbac"},{"signature_version":"v1","id":"CVE-2020-14928-4cf60444","signature_type":"Line","target":{"file":"src/camel/providers/pop3/camel-pop3-store.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["88811326310142647714676084967060802531","233058444095276551268480870019437245082","87833723440427189052487113379568843383","239470605046030276584359078389400509066"]},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@ba82be72cfd427b5d72ff21f929b3a6d8529c4df"},{"signature_version":"v1","id":"CVE-2020-14928-4fd255a0","signature_type":"Line","target":{"file":"src/camel/providers/smtp/camel-smtp-transport.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["88811326310142647714676084967060802531","233058444095276551268480870019437245082","87833723440427189052487113379568843383","239470605046030276584359078389400509066"]},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@ba82be72cfd427b5d72ff21f929b3a6d8529c4df"},{"sign
ature_version":"v1","id":"CVE-2020-14928-50e4f60e","signature_type":"Line","target":{"file":"src/camel/providers/pop3/camel-pop3-store.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["88811326310142647714676084967060802531","233058444095276551268480870019437245082","87833723440427189052487113379568843383","239470605046030276584359078389400509066"]},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@f404f33fb01b23903c2bbb16791c7907e457fbac"},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"function":"connect_to_server","file":"src/camel/providers/smtp/camel-smtp-transport.c"},"id":"CVE-2020-14928-787c0ed3","digest":{"length":3722,"function_hash":"272762691641719020593453431005942035644"},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@f404f33fb01b23903c2bbb16791c7907e457fbac"},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"src/camel/camel-stream-buffer.h"},"id":"CVE-2020-14928-9227d73a","digest":{"threshold":0.9,"line_hashes":["89053395832605180317808392096232514143","315417799224738764391106050296556767095","126232431020561451696029856354429749299"]},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@f404f33fb01b23903c2bbb16791c7907e457fbac"},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"src/camel/providers/pop3/camel-pop3-stream.h"},"id":"CVE-2020-14928-9a15a5a1","digest":{"threshold":0.9,"line_hashes":["199493910500933765285989127410700280543","304399716984885611769796334484523229609","204210384105609217637402259819136612502"]},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@ba82be72cfd427b5d72ff21f929b3a6d8529c4df"},{"signature_version":"v1","id":"CVE-2020-14928-d1d0cf38","signature_type":"Line","target":{"file":"src/camel/camel-stream-buffer.h"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["89053395832605180317808392096232514143","3154177992247387643911060502965567
67095","126232431020561451696029856354429749299"]},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@ba82be72cfd427b5d72ff21f929b3a6d8529c4df"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}