CVE-2020-14928

2020-07-17T16:15:00
ID CVE-2020-14928
Type cve
Reporter cve@mitre.org
Modified 2020-08-14T15:25:00

Description

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."