CVE-2020-15917 - OpenCVE

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.

No CVSS v3.0

AV:N/AC:L/Au:N/C:P/I:P/A:P

Configuration 1 [-]

cpe:2.3:a:claws-mail:claws-mail:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
	cpe:2.3:a:opensuse:backports_sle:15.0:sp2::::::
	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:opensuse:leap:15.2:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html	Broken Link Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html	Broken Link Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html	Broken Link Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html	Broken Link Mailing List Third Party Advisory
https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES
https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=fcc25329049b6f9bd8d890f1197ed61eb12e14d5
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/
https://security.gentoo.org/glsa/202007-56	Third Party Advisory