CVE-2015-9097
Published 2017-06-12
CVE-2015-9097: The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM…
Priority: P4 (30) · medium · CVSS 3.0 base score 6.1
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 3.36% (percentile 87.2)
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
Affected (3 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby-mail | < ruby-mail 2.6.1+dfsg1-1 (bookworm) | ruby-mail 2.6.1+dfsg1-1 (bookworm) |
| mail_project | | <= 2.5.4 | — |
| nextcloud | | >= 0 < 2.5.5 | 2.5.5 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 6.1 | MEDIUM | |
| vendor_debian | | 6.1 | MEDIUM | |
| vendor_redhat | | 6.1 | MEDIUM | |
GHSA
Mail Gem CRLF Injection vulnerability
ghsa · 2017-10-24 · CVE-2015-9097 [MEDIUM] · CWE-93
OSV
Mail Gem CRLF Injection vulnerability
osv · 2017-10-24 · CVE-2015-9097 [MEDIUM]
OSV
CVE-2015-9097: The mail gem before 2
osv · 2017-06-12 · CVSS 6.1 · CVE-2015-9097 [MEDIUM]
Red Hat
rubygem-mail: SMTP injection via recipient email addresses
vendor_redhat · 2015-12-11 · CVSS 6.1 · CVE-2015-9097 [MEDIUM] · CWE-88
Package: ruby193-rubygem-mail (CloudForms Management Engine 5.2) - Will not fix
Package: ruby193-rubygem-mail (CloudForms Management Engine 5.3) - Will not fix
Package: rh-ror41-rubygem-mail (Red Hat Software Collections) - Will not fix
Package: rh-ror42-rubygem-mail (Red Hat Software Collections) - Not affected
Package: ror40-rubygem-mail (Red Hat Software Collections) - Will not fix
Package: ruby193-rubygem-mail (Red Hat Software Collections) - Will not fix
Package: ruby193-rubygem-m
Debian
CVE-2015-9097: ruby-mail - The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerabl...
vendor_debian · 2015 · CVSS 6.1 · CVE-2015-9097 [MEDIUM]
Scope: local
bookworm: resolved (fixed in 2.6.1+dfsg1-1)
bullseye: resolved (fixed in 2.6.1+dfsg1-1)
forky: resolved (fixed in 2.6.1+dfsg1-1)
sid: resolved (fixed in 2.6.1+dfsg1-1)
trixie: resolved (fixed in 2.6.1+dfsg1-1)
No detection rules found.
No public exploits indexed.
References
- http://openwall.com/lists/oss-security/2015/12/11/3
- http://www.mbsd.jp/Whitepaper/smtpi.pdf
- https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83
- https://github.com/mikel/mail/pull/1097
- https://github.com/rubysec/ruby-advisory-db/issues/215
- https://hackerone.com/reports/137631
- https://rubysec.com/advisories/mail-OSVDB-131677