evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
{ "vanir_signatures": [ { "signature_type": "Function", "deprecated": false, "id": "CVE-2020-14928-06b91b00", "signature_version": "v1", "target": { "function": "connect_to_server", "file": "src/camel/providers/pop3/camel-pop3-store.c" }, "digest": { "function_hash": "191466675488590993705201311477623422795", "length": 2674.0 }, "source": "https://gitlab.gnome.org/GNOME/evolution-data-server@ba82be72cfd427b5d72ff21f929b3a6d8529c4df" }, { "signature_type": "Line", "deprecated": false, "id": "CVE-2020-14928-15877e64", "signature_version": "v1", "target": { "file": "src/camel/providers/smtp/camel-smtp-transport.c" }, "digest": { "line_hashes": [ "88811326310142647714676084967060802531", "233058444095276551268480870019437245082", "87833723440427189052487113379568843383", "239470605046030276584359078389400509066" ], "threshold": 0.9 }, "source": "https://gitlab.gnome.org/GNOME/evolution-data-server@f404f33fb01b23903c2bbb16791c7907e457fbac" }, { "signature_type": "Line", "deprecated": false, "id": "CVE-2020-14928-1f5cda8f", "signature_version": "v1", "target": { "file": "src/camel/providers/pop3/camel-pop3-stream.h" }, "digest": { "line_hashes": [ "199493910500933765285989127410700280543", "304399716984885611769796334484523229609", "204210384105609217637402259819136612502" ], "threshold": 0.9 }, "source": "https://gitlab.gnome.org/GNOME/evolution-data-server@f404f33fb01b23903c2bbb16791c7907e457fbac" }, { "signature_type": "Function", "deprecated": false, "id": "CVE-2020-14928-273be049", "signature_version": "v1", "target": { "function": "connect_to_server", "file": "src/camel/providers/smtp/camel-smtp-transport.c" }, "digest": { "function_hash": "272762691641719020593453431005942035644", "length": 3722.0 }, "source": "https://gitlab.gnome.org/GNOME/evolution-data-server@ba82be72cfd427b5d72ff21f929b3a6d8529c4df" }, { "signature_type": "Function", "deprecated": false, "id": "CVE-2020-14928-4192f53f", "signature_version": "v1", "target": { "function": "connect_to_server", "file": "src/camel/providers/pop3/camel-pop3-store.c" }, "digest": { "function_hash": "191466675488590993705201311477623422795", "length": 2674.0 }, "source": "https://gitlab.gnome.org/GNOME/evolution-data-server@f404f33fb01b23903c2bbb16791c7907e457fbac" }, { "signature_type": "Line", "deprecated": false, "id": "CVE-2020-14928-4cf60444", "signature_version": "v1", "target": { "file": "src/camel/providers/pop3/camel-pop3-store.c" }, "digest": { "line_hashes": [ "88811326310142647714676084967060802531", "233058444095276551268480870019437245082", "87833723440427189052487113379568843383", "239470605046030276584359078389400509066" ], "threshold": 0.9 }, "source": "https://gitlab.gnome.org/GNOME/evolution-data-server@ba82be72cfd427b5d72ff21f929b3a6d8529c4df" }, { "signature_type": "Line", "deprecated": false, "id": "CVE-2020-14928-4fd255a0", "signature_version": "v1", "target": { "file": "src/camel/providers/smtp/camel-smtp-transport.c" }, "digest": { "line_hashes": [ "88811326310142647714676084967060802531", "233058444095276551268480870019437245082", "87833723440427189052487113379568843383", "239470605046030276584359078389400509066" ], "threshold": 0.9 }, "source": "https://gitlab.gnome.org/GNOME/evolution-data-server@ba82be72cfd427b5d72ff21f929b3a6d8529c4df" }, { "signature_type": "Line", "deprecated": false, "id": "CVE-2020-14928-50e4f60e", "signature_version": "v1", "target": { "file": "src/camel/providers/pop3/camel-pop3-store.c" }, "digest": { "line_hashes": [ "88811326310142647714676084967060802531", "233058444095276551268480870019437245082", "87833723440427189052487113379568843383", "239470605046030276584359078389400509066" ], "threshold": 0.9 }, "source": "https://gitlab.gnome.org/GNOME/evolution-data-server@f404f33fb01b23903c2bbb16791c7907e457fbac" }, { "signature_type": "Function", "deprecated": false, "id": "CVE-2020-14928-787c0ed3", "signature_version": "v1", "target": { "function": "connect_to_server", "file": "src/camel/providers/smtp/camel-smtp-transport.c" }, "digest": { "function_hash": "272762691641719020593453431005942035644", "length": 3722.0 }, "source": "https://gitlab.gnome.org/GNOME/evolution-data-server@f404f33fb01b23903c2bbb16791c7907e457fbac" }, { "signature_type": "Line", "deprecated": false, "id": "CVE-2020-14928-9227d73a", "signature_version": "v1", "target": { "file": "src/camel/camel-stream-buffer.h" }, "digest": { "line_hashes": [ "89053395832605180317808392096232514143", "315417799224738764391106050296556767095", "126232431020561451696029856354429749299" ], "threshold": 0.9 }, "source": "https://gitlab.gnome.org/GNOME/evolution-data-server@f404f33fb01b23903c2bbb16791c7907e457fbac" }, { "signature_type": "Line", "deprecated": false, "id": "CVE-2020-14928-9a15a5a1", "signature_version": "v1", "target": { "file": "src/camel/providers/pop3/camel-pop3-stream.h" }, "digest": { "line_hashes": [ "199493910500933765285989127410700280543", "304399716984885611769796334484523229609", "204210384105609217637402259819136612502" ], "threshold": 0.9 }, "source": "https://gitlab.gnome.org/GNOME/evolution-data-server@ba82be72cfd427b5d72ff21f929b3a6d8529c4df" }, { "signature_type": "Line", "deprecated": false, "id": "CVE-2020-14928-d1d0cf38", "signature_version": "v1", "target": { "file": "src/camel/camel-stream-buffer.h" }, "digest": { "line_hashes": [ "89053395832605180317808392096232514143", "315417799224738764391106050296556767095", "126232431020561451696029856354429749299" ], "threshold": 0.9 }, "source": "https://gitlab.gnome.org/GNOME/evolution-data-server@ba82be72cfd427b5d72ff21f929b3a6d8529c4df" } ] }