CVE-2020-15953 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-15953 Interim 1 15 2023-09-06T23:59:03Z current 2021-05-30T14:42:28Z 2023-09-06T23:59:03Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-15953 LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00060.html E-Mail link for openSUSE-SU-2020:1454-1 https://lists.opensuse.org/opensuse-updates/2020-09/msg00219.html E-Mail link for openSUSE-SU-2020:1505-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP2 openSUSE Leap 15.2 openSUSE Tumbleweed libetpan-devel-1.9.4-1.7 libetpan-devel-1.9.4-bp152.4.3.1 libetpan-devel-1.9.4-lp152.3.3.1 libetpan20-1.9.4-1.7 libetpan20-1.9.4-bp152.4.3.1 libetpan20-1.9.4-lp152.3.3.1 libetpan-devel-1.9.4-bp152.4.3.1 as a component of SUSE Package Hub 15 SP2 libetpan20-1.9.4-bp152.4.3.1 as a component of SUSE Package Hub 15 SP2 libetpan-devel-1.9.4-lp152.3.3.1 as a component of openSUSE Leap 15.2 libetpan20-1.9.4-lp152.3.3.1 as a component of openSUSE Leap 15.2 libetpan-devel-1.9.4-1.7 as a component of openSUSE Tumbleweed libetpan20-1.9.4-1.7 as a component of openSUSE Tumbleweed LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." CVE-2020-15953 SUSE Package Hub 15 SP2:libetpan-devel-1.9.4-bp152.4.3.1 SUSE Package Hub 15 SP2:libetpan20-1.9.4-bp152.4.3.1 openSUSE Leap 15.2:libetpan-devel-1.9.4-lp152.3.3.1 openSUSE Leap 15.2:libetpan20-1.9.4-lp152.3.3.1 openSUSE Tumbleweed:libetpan-devel-1.9.4-1.7 openSUSE Tumbleweed:libetpan20-1.9.4-1.7 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N