CVE-2020-14258
CVE-2020-14258
In short
HCL Notes can crash or freeze when it receives a specially-crafted email message. An attacker can send this malicious email to any user, causing their email client to stop responding without needing to be logged in.
Technical detail
The vulnerability exists in improper input validation for email message processing in HCL Notes versions 9, 10, and 11. A remote unauthenticated attacker can craft a malicious email that triggers a denial of service condition, causing the client to hang. The attack vector is network-based and requires no authentication or user interaction beyond receiving the email.
Summary generated and translated by AI from the official description.
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.
Affected products
HCL · HCL NotesWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →