Description
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
References (10)
Core 10
Core References
Various Sources x_refsource_misc
https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=fcc25329049b6f9bd8d890f1197ed61eb12e14d5
Various Sources x_refsource_misc
https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202007-56
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/
Broken Link, Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html
Broken Link, Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html
Broken Link, Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html
Broken Link, Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html
Scores
CVSS v3
9.8
EPSS
0.0223
EPSS Percentile
84.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (6)
claws-mail/claws-mail
< 3.17.6
fedoraproject/fedora
31
fedoraproject/fedora
32
opensuse/backports_sle
15.0 sp1 (2 CPE variants)
opensuse/leap
15.1
opensuse/leap
15.2
Published
Jul 23, 2020
Tracked Since
Feb 18, 2026