CVE-2017-17688 — Sensitive Information Exposure in Microsoft Outlook
Severity
5.9MEDIUMNVD
EPSS
3.3%
top 12.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 16
Latest updateMay 13
Description
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages3 packages
🔴Vulnerability Details
4GHSA▶
GHSA-87q6-mg5f-mp98: ** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltra↗2022-05-13
OSV▶
CVE-2017-17688: ** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltra↗2018-05-16
CVEList▶
CVE-2017-17688: The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL↗2018-05-16
OSV▶
CVE-2017-17688: The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL↗2018-05-16
📋Vendor Advisories
2💬Community
8Bugzilla▶
CVE-2017-17688 OpenPGP: CFB gadget attacks allows to exfiltrate plaintext out of encrypted emails↗2018-05-14