{"id":"CVE-2020-16117","details":"In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.","modified":"2026-04-16T00:02:28.211880831Z","published":"2020-07-29T18:15:14.860Z","related":["ALSA-2021:1752","SUSE-SU-2021:0885-1","SUSE-SU-2021:0891-1","SUSE-SU-2021:0949-1","openSUSE-SU-2021:0482-1","openSUSE-SU-2024:10744-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"9.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00005.html"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5"},{"type":"EVIDENCE","url":"https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/evolution-data-server","events":[{"introduced":"0"},{"fixed":"627c3cdbfd077e59aa288c85ff8272950577f1d7"},{"fixed":"2cc39592b532cf0dc994fd3694b8e6bf924c9ab5"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"3.35.91"}],"cpe":"cpe:2.3:a:gnome:evolution-data-server:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"]}}],"versions":["3.27.4","3.27.90","3.27.91","3.27.92","3.28.0","3.29.1","3.29.2","3.29.3","3.29.4","3.29.90","3.29.91","3.29.92","3.30.0","3.31.1","3.31.2","3.31.3","3.31.4","3.31.90","3.31.91","3.31.92","3.32.0","3.33.1","3.33.2","3.33.3","3.33.4","3.33.90","3.33.91","3.33.92","3.34.0","3.35.1","3.35.2","3.35.3","3.35.90","BEFORE_NEW_UI_MERGE","DB_4_1_25_NC","ECALCOMP_ABI_ANCHOR","EDS_MODULES_BASE","EVOLUION_1_5_4","EVOLUTION_0_0","EVOLUTION_0_1","EVOLUTION_0_12","EVOLUTION_0_13","EVOLUTION_0_14","EVOLUTION_0_15","EVOLUTION_0_16","EVOLUTION_0_16_100","EVOLUTION_0_2","EVOLUTION_0_3","EVOLUTION_0_5","EVOLUTION_0_6","EVOLUTION_0_8","EVOLUTION_0_99_0","EVOLUTION_0_99_2","EVOLUTION_1_0_7","EVOLUTION_1_0_8","EVOLUTION_1_1_1","EVOLUTION_1_1_90","EVOLUTION_1_2_0","EVOLUTION_1_2_3","EVOLUTION_1_3_1","EVOLUTION_1_3_2","EVOLUTION_1_3_3","EVOLUTION_1_3_91","EVOLUTION_1_3_92","EVOLUTION_1_4_0","EVOLUTION_1_4_1","EVOLUTION_1_4_2","EVOLUTION_1_4_3","EVOLUTION_1_4_4","EVOLUTION_1_5","EVOLUTION_1_5_1","EVOLUTION_1_5_2","EVOLUTION_1_5_3","EVOLUTION_1_5_5","EVOLUTION_1_5_6","EVOLUTION_1_5_6_1","EVOLUTION_1_5_8","EVOLUTION_1_5_90","EVOLUTION_1_5_91","EVOLUTION_1_5_92","EVOLUTION_1_5_92_1","EVOLUTION_1_5_92_2","EVOLUTION_1_5_93","EVOLUTION_1_5_94","EVOLUTION_1_5_94_1","EVOLUTION_2_0_0","EVOLUTION_2_0_2","EVOLUTION_2_0_3","EVOLUTION_2_0_4","EVOLUTION_2_1_0","EVOLUTION_2_1_1","EVOLUTION_2_1_2","EVOLUTION_2_1_3","EVOLUTION_2_1_3_1","EVOLUTION_2_1_4","EVOLUTION_2_1_5","EVOLUTION_2_31_3_1","EVOLUTION_DATA_SERVER_0_0_2","EVOLUTION_DATA_SERVER_0_0_3","EVOLUTION_DATA_SERVER_0_0_4","EVOLUTION_DATA_SERVER_0_0_5","EVOLUTION_DATA_SERVER_0_0_6","EVOLUTION_DATA_SERVER_0_0_7","EVOLUTION_DATA_SERVER_0_0_90","EVOLUTION_DATA_SERVER_0_0_91","EVOLUTION_DATA_SERVER_0_0_93","EVOLUTION_DATA_SERVER_0_0_96","EVOLUTION_DATA_SERVER_0_0_97","EVOLUTION_DATA_SERVER_0_0_98","EVOLUTION_DATA_SERVER_0_0_99","EVOLUTION_DATA_SERVER_1_11_3","EVOLUTION_DATA_SERVER_1_11_4","EVOLUTION_DATA_SERVER_1_11_5","EVOLUTION_DATA_SERVER_1_11_90","EVOLUTION_DATA_SERVER_1_11_91","EVOLUTION_DATA_SERVER_1_11_92","EVOLUTION_DATA_SERVER_1_1_0","EVOLUTION_DATA_SERVER_1_1_1","EVOLUTION_DATA_SERVER_1_1_2","EVOLUTION_DATA_SERVER_1_1_3","EVOLUTION_DATA_SERVER_1_1_4","EVOLUTION_DATA_SERVER_1_1_5","EVOLUTION_DATA_SERVER_1_1_6","EVOLUTION_DATA_SERVER_1_3_1","EVOLUTION_DATA_SERVER_1_3_2","EVOLUTION_DATA_SERVER_1_3_3","EVOLUTION_DATA_SERVER_1_3_3_1","EVOLUTION_DATA_SERVER_1_3_4","EVOLUTION_DATA_SERVER_1_3_5","EVOLUTION_DATA_SERVER_1_3_6","EVOLUTION_DATA_SERVER_1_3_6_1","EVOLUTION_DATA_SERVER_1_3_7","EVOLUTION_DATA_SERVER_1_3_8","EVOLUTION_DATA_SERVER_1_5_1","EVOLUTION_DATA_SERVER_1_5_3","EVOLUTION_DATA_SERVER_1_5_4","EVOLUTION_DATA_SERVER_1_5_5","EVOLUTION_DATA_SERVER_1_5_91","EVOLUTION_DATA_SERVER_1_5_92","EVOLUTION_DATA_SERVER_1_5_9_0","EVOLUTION_DATA_SERVER_1_7_1","EVOLUTION_DATA_SERVER_1_7_2","EVOLUTION_DATA_SERVER_1_7_3","EVOLUTION_DATA_SERVER_1_7_4","EVOLUTION_DATA_SERVER_1_7_90","EVOLUTION_DATA_SERVER_1_7_90_1","EVOLUTION_DATA_SERVER_1_7_91","EVOLUTION_DATA_SERVER_1_7_92","EVOLUTION_DATA_SERVER_1_8_0","EVOLUTION_DATA_SERVER_1_8_1","EVOLUTION_DATA_SERVER_1_9_1","EVOLUTION_DATA_SERVER_1_9_3","EVOLUTION_DATA_SERVER_2_21_1","EVOLUTION_DATA_SERVER_2_21_2","EVOLUTION_DATA_SERVER_2_21_3","EVOLUTION_DATA_SERVER_2_21_4","EVOLUTION_DATA_SERVER_2_21_5","EVOLUTION_DATA_SERVER_2_21_90","EVOLUTION_DATA_SERVER_2_21_91","EVOLUTION_DATA_SERVER_2_22_0","EVOLUTION_DATA_SERVER_2_23_1","EVOLUTION_DATA_SERVER_2_23_2","EVOLUTION_DATA_SERVER_2_23_3","EVOLUTION_DATA_SERVER_2_23_4","EVOLUTION_DATA_SERVER_2_23_5","EVOLUTION_DATA_SERVER_2_23_6","EVOLUTION_DATA_SERVER_2_23_90","EVOLUTION_DATA_SERVER_2_23_91","EVOLUTION_DATA_SERVER_2_25_1","EVOLUTION_DATA_SERVER_2_25_2","EVOLUTION_DATA_SERVER_2_25_3","EVOLUTION_DATA_SERVER_2_25_4","EVOLUTION_DATA_SERVER_2_25_5","EVOLUTION_DATA_SERVER_2_25_90","EVOLUTION_DATA_SERVER_2_25_92","EVOLUTION_DATA_SERVER_2_26_0","EVOLUTION_DATA_SERVER_2_27_2","EVOLUTION_DATA_SERVER_2_27_3","EVOLUTION_DATA_SERVER_2_27_4","EVOLUTION_DATA_SERVER_2_27_5","EVOLUTION_DATA_SERVER_2_27_90","EVOLUTION_DATA_SERVER_2_29_1","EVOLUTION_DATA_SERVER_2_29_2","EVOLUTION_DATA_SERVER_2_29_3","EVOLUTION_DATA_SERVER_2_29_4","EVOLUTION_DATA_SERVER_2_29_5","EVOLUTION_DATA_SERVER_2_29_6","EVOLUTION_DATA_SERVER_2_29_90","EVOLUTION_DATA_SERVER_2_29_91","EVOLUTION_DATA_SERVER_2_29_92","EVOLUTION_DATA_SERVER_2_31_1","EVOLUTION_DATA_SERVER_2_31_2","EVOLUTION_DATA_SERVER_2_31_3","EVOLUTION_DATA_SERVER_2_31_3_1","EVOLUTION_DATA_SERVER_2_31_4","EVOLUTION_DATA_SERVER_2_31_5","EVOLUTION_DATA_SERVER_2_31_6","EVOLUTION_DATA_SERVER_2_31_90","EVOLUTION_DATA_SERVER_2_31_91","EVOLUTION_DATA_SERVER_2_31_92","EVOLUTION_DATA_SERVER_2_91_0","EVOLUTION_DATA_SERVER_2_91_1","EVOLUTION_DATA_SERVER_2_91_2","EVOLUTION_DATA_SERVER_2_91_3","EVOLUTION_DATA_SERVER_2_91_4","EVOLUTION_DATA_SERVER_2_91_5","EVOLUTION_DATA_SERVER_2_91_6","EVOLUTION_DATA_SERVER_2_91_90","EVOLUTION_DATA_SERVER_2_91_91","EVOLUTION_DATA_SERVER_2_91_92","EVOLUTION_DATA_SERVER_3_10_0","EVOLUTION_DATA_SERVER_3_11_1","EVOLUTION_DATA_SERVER_3_11_2","EVOLUTION_DATA_SERVER_3_11_3","EVOLUTION_DATA_SERVER_3_11_4","EVOLUTION_DATA_SERVER_3_11_5","EVOLUTION_DATA_SERVER_3_11_90","EVOLUTION_DATA_SERVER_3_11_91","EVOLUTION_DATA_SERVER_3_11_92","EVOLUTION_DATA_SERVER_3_12_0","EVOLUTION_DATA_SERVER_3_13_1","EVOLUTION_DATA_SERVER_3_13_10","EVOLUTION_DATA_SERVER_3_13_2","EVOLUTION_DATA_SERVER_3_13_3","EVOLUTION_DATA_SERVER_3_13_4","EVOLUTION_DATA_SERVER_3_13_5","EVOLUTION_DATA_SERVER_3_13_6","EVOLUTION_DATA_SERVER_3_13_7","EVOLUTION_DATA_SERVER_3_13_8","EVOLUTION_DATA_SERVER_3_13_9","EVOLUTION_DATA_SERVER_3_13_90","EVOLUTION_DATA_SERVER_3_15_91","EVOLUTION_DATA_SERVER_3_15_92","EVOLUTION_DATA_SERVER_3_16_0","EVOLUTION_DATA_SERVER_3_17_1","EVOLUTION_DATA_SERVER_3_17_2","EVOLUTION_DATA_SERVER_3_17_3","EVOLUTION_DATA_SERVER_3_17_4","EVOLUTION_DATA_SERVER_3_17_90","EVOLUTION_DATA_SERVER_3_17_91","EVOLUTION_DATA_SERVER_3_17_92","EVOLUTION_DATA_SERVER_3_18_0","EVOLUTION_DATA_SERVER_3_19_1","EVOLUTION_DATA_SERVER_3_19_2","EVOLUTION_DATA_SERVER_3_19_3","EVOLUTION_DATA_SERVER_3_19_4","EVOLUTION_DATA_SERVER_3_19_90","EVOLUTION_DATA_SERVER_3_19_91","EVOLUTION_DATA_SERVER_3_19_92","EVOLUTION_DATA_SERVER_3_1_2","EVOLUTION_DATA_SERVER_3_1_3","EVOLUTION_DATA_SERVER_3_1_3_1","EVOLUTION_DATA_SERVER_3_1_4","EVOLUTION_DATA_SERVER_3_1_5","EVOLUTION_DATA_SERVER_3_1_90","EVOLUTION_DATA_SERVER_3_1_91","EVOLUTION_DATA_SERVER_3_1_92","EVOLUTION_DATA_SERVER_3_20_0","EVOLUTION_DATA_SERVER_3_21_1","EVOLUTION_DATA_SERVER_3_21_2","EVOLUTION_DATA_SERVER_3_21_3","EVOLUTION_DATA_SERVER_3_21_4","EVOLUTION_DATA_SERVER_3_21_90","EVOLUTION_DATA_SERVER_3_21_91","EVOLUTION_DATA_SERVER_3_21_92","EVOLUTION_DATA_SERVER_3_22_0","EVOLUTION_DATA_SERVER_3_23_1","EVOLUTION_DATA_SERVER_3_23_2","EVOLUTION_DATA_SERVER_3_23_3","EVOLUTION_DATA_SERVER_3_23_4","EVOLUTION_DATA_SERVER_3_23_90","EVOLUTION_DATA_SERVER_3_23_91","EVOLUTION_DATA_SERVER_3_23_92","EVOLUTION_DATA_SERVER_3_24_0","EVOLUTION_DATA_SERVER_3_25_1","EVOLUTION_DATA_SERVER_3_25_2","EVOLUTION_DATA_SERVER_3_25_3","EVOLUTION_DATA_SERVER_3_25_4","EVOLUTION_DATA_SERVER_3_25_90","EVOLUTION_DATA_SERVER_3_25_91","EVOLUTION_DATA_SERVER_3_25_92","EVOLUTION_DATA_SERVER_3_26_0","EVOLUTION_DATA_SERVER_3_27_1","EVOLUTION_DATA_SERVER_3_27_2","EVOLUTION_DATA_SERVER_3_27_3","EVOLUTION_DATA_SERVER_3_2_0","EVOLUTION_DATA_SERVER_3_3_1","EVOLUTION_DATA_SERVER_3_3_2","EVOLUTION_DATA_SERVER_3_3_3","EVOLUTION_DATA_SERVER_3_3_4","EVOLUTION_DATA_SERVER_3_3_5","EVOLUTION_DATA_SERVER_3_3_90","EVOLUTION_DATA_SERVER_3_3_91","EVOLUTION_DATA_SERVER_3_3_92","EVOLUTION_DATA_SERVER_3_4_0","EVOLUTION_DATA_SERVER_3_5_1","EVOLUTION_DATA_SERVER_3_5_3","EVOLUTION_DATA_SERVER_3_5_4","EVOLUTION_DATA_SERVER_3_5_5_FIXED","EVOLUTION_DATA_SERVER_3_5_90","EVOLUTION_DATA_SERVER_3_5_91","EVOLUTION_DATA_SERVER_3_5_92","EVOLUTION_DATA_SERVER_3_7_1","EVOLUTION_DATA_SERVER_3_7_2","EVOLUTION_DATA_SERVER_3_7_3","EVOLUTION_DATA_SERVER_3_7_4","EVOLUTION_DATA_SERVER_3_7_5","EVOLUTION_DATA_SERVER_3_7_90","EVOLUTION_DATA_SERVER_3_7_92","EVOLUTION_DATA_SERVER_3_9_1","EVOLUTION_DATA_SERVER_3_9_2","EVOLUTION_DATA_SERVER_3_9_3","EVOLUTION_DATA_SERVER_3_9_4","EVOLUTION_DATA_SERVER_3_9_5","EVOLUTION_DATA_SERVER_3_9_90","EVOLUTION_DATA_SERVER_3_9_91","EVOLUTION_DATA_SERVER_3_9_92","E_TREE_REWORK_BASE","GNOME_2_16_BRANCHPOINT","GNOME_MEDIA_1_2_2","GNOME_PRINT_0_24","INITIAL","LWE_2001_01","V0_0_1","backend-split-branch-merge-start","before-camel-mt","before-eds-merge","caldav-branchpoint","eds-1-0-1-merge-start","eds-1-2-1-merge-start","evolution-2-0-1-merge","evolution-2-0-1-merge-start","gnome-2-10-base","gnome-2-8-base","mmapped-camel-summary-branchpoint","new-calendar-branch-before-create-modify","new-calendar-branch-merge-end","new-calendar-branch-start","new-parser-anchor","new-ui-branch-merge-end","new-ui-branch-merge-start","notzed-disksummary-branchpoint","notzed-eplugin-2-merge","notzed-messageinfo-branchpoint","spam-filtering-start","toshok-libmimedir-base"],"database_specific":{"vanir_signatures_modified":"2026-04-11T20:33:19Z","vanir_signatures":[{"id":"CVE-2020-16117-9f92a672","digest":{"line_hashes":["20043028137609293051763799761082055484","83182470343345176891103833719244876020","199483931179386216107266404643240371748","335237393370969502089703702461498312200"],"threshold":0.9},"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"src/camel/providers/imapx/camel-imapx-server.c"},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@2cc39592b532cf0dc994fd3694b8e6bf924c9ab5"},{"id":"CVE-2020-16117-fbcd9b35","digest":{"length":4704,"function_hash":"162272372638673840553232421692664243259"},"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"src/camel/providers/imapx/camel-imapx-server.c","function":"imapx_connect_to_server"},"source":"https://gitlab.gnome.org/GNOME/evolution-data-server@2cc39592b532cf0dc994fd3694b8e6bf924c9ab5"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-16117.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}