{"id":"UBUNTU-CVE-2020-15917","details":"common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.","modified":"2026-04-22T14:07:27.918362Z","published":"2020-07-23T19:15:00Z","upstream":["CVE-2020-15917"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-15917"},{"type":"REPORT","url":"https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5"},{"type":"REPORT","url":"https://git.claws-mail.org/?p=claws.git;a=blob;f=RELEASE_NOTES"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2020-15917"}],"affected":[{"package":{"name":"claws-mail","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/claws-mail@3.13.2-1ubuntu1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.12.0-1ubuntu1","3.12.0-1ubuntu2","3.13.1-1.1ubuntu1","3.13.1-1.1ubuntu2","3.13.1-1.1ubuntu3","3.13.2-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"claws-mail","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-acpi-notifier","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-address-keeper","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-archiver-plugin","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-attach-remover","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-attach-warner","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-bogofilter","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-bsfilter-plugin","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-clamd-plugin","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-extra-plugins","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-fancy-plugin","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-feeds-reader","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-fetchinfo-plugin","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-gdata-plugin","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-i18n","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-libravatar","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-mailmbox-plugin","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-managesieve","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-multi-notifier","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-newmail-plugin","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-pdf-viewer","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-perl-filter","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-pgpinline","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-pgpmime","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-plugins","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-python-plugin","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-smime-plugin","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-spam-report","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-spamassassin","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-tnef-parser","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-tools","binary_version":"3.13.2-1ubuntu1"},{"binary_name":"claws-mail-vcalendar-plugin","binary_version":"3.13.2-1ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-15917.json"}},{"package":{"name":"claws-mail","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/claws-mail@3.16.0-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.15.0-2build2","3.15.1-1","3.15.1-1ubuntu1","3.16.0-1"],"ecosystem_specific":{"binaries":[{"binary_name":"claws-mail","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-acpi-notifier","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-address-keeper","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-archiver-plugin","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-attach-remover","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-attach-warner","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-bogofilter","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-bsfilter-plugin","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-clamd-plugin","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-extra-plugins","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-feeds-reader","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-fetchinfo-plugin","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-gdata-plugin","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-i18n","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-libravatar","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-mailmbox-plugin","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-managesieve","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-multi-notifier","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-newmail-plugin","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-pdf-viewer","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-perl-filter","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-pgpinline","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-pgpmime","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-plugins","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-python-plugin","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-smime-plugin","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-spam-report","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-spamassassin","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-tnef-parser","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-tools","binary_version":"3.16.0-1"},{"binary_name":"claws-mail-vcalendar-plugin","binary_version":"3.16.0-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-15917.json"}},{"package":{"name":"claws-mail","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/claws-mail@3.17.5-2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.17.4-1","3.17.4-1build1","3.17.4-2build2","3.17.4-2ubuntu1","3.17.5-2"],"ecosystem_specific":{"binaries":[{"binary_name":"claws-mail","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-acpi-notifier","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-address-keeper","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-archiver-plugin","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-attach-remover","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-attach-warner","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-bogofilter","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-bsfilter-plugin","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-clamd-plugin","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-dillo-viewer","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-extra-plugins","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-feeds-reader","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-fetchinfo-plugin","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-gdata-plugin","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-i18n","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-libravatar","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-litehtml-viewer","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-mailmbox-plugin","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-managesieve","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-multi-notifier","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-newmail-plugin","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-pdf-viewer","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-perl-filter","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-pgpinline","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-pgpmime","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-plugins","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-smime-plugin","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-spam-report","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-spamassassin","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-tnef-parser","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-tools","binary_version":"3.17.5-2"},{"binary_name":"claws-mail-vcalendar-plugin","binary_version":"3.17.5-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-15917.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]}