CVE Vulnerabilities

CVE-2020-16094

Uncontrolled Recursion

Published: Jul 28, 2020 | Modified: Jan 04, 2022
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.

Weakness

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

Affected Software

Name Vendor Start Version End Version
Claws-mail Claws-mail * 3.17.6
Claws-mail Ubuntu trusty *
Claws-mail Ubuntu xenial *

Potential Mitigations

References