CVE-2017-17517Injection in Project Sylpheed

CWE-74Injection8 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 32.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sylpheed Project Sylpheed
Timeline
PublishedDec 14
Latest updateMay 14

Description

libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-834x-38jv-m3qg: libsylph/utils2022-05-14
OSV
CVE-2017-17517: libsylph/utils2017-12-14
CVEList
CVE-2017-17517: libsylph/utils2017-12-14

📋Vendor Advisories

1
Debian
CVE-2017-17517: sylpheed - libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launch...2017

💬Community

3
Bugzilla
CVE-2017-17517 sylpheed: Command injection in libsylph/utils.c [epel-7]2017-12-14
Bugzilla
CVE-2017-17517 sylpheed: Command injection in libsylph/utils.c2017-12-14
Bugzilla
CVE-2017-17517 sylpheed: Command injection in libsylph/utils.c [fedora-all]2017-12-14
CVE-2017-17517 — Injection in Sylpheed Project Sylpheed | cvebase