CVE-2017-17689
published 2018-05-16CVE-2017-17689: The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
medium5.9CVSS 3.0
AVNACHPRNUINSUCHINAN
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | evolution | < kf5-messagelib 4:18.08.1-1 (bookworm) | kf5-messagelib 4:18.08.1-1 (bookworm) |
| debian | kf5-messagelib | < kf5-messagelib 4:18.08.1-1 (bookworm) | kf5-messagelib 4:18.08.1-1 (bookworm) |
| kmail | kmail | >= 0 < 4:17.12.3-0ubuntu1+esm1 | 4:17.12.3-0ubuntu1+esm1 |
| kmail | kmail | >= 0 < 4:19.12.3-0ubuntu1+esm1 | 4:19.12.3-0ubuntu1+esm1 |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
osv5.9MEDIUM