CVE-2017-6308 — Integer Overflow or Wraparound in Tnef

CWE-190 — Integer Overflow or Wraparound9 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 39.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tnef Project Tnef Debian Tnef Debian Linux

Timeline

PublishedFeb 24

Latest updateFeb 8

Description

An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/tnef< tnef 1.4.12-1.1 (bookworm)

▶Debiantnef_project/tnef< 1.4.12-1.1+3

▶NVDtnef_project/tnef1.4.12

Also affects: Debian Linux 8.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: www.x41-dsec.de ↗

🔴Vulnerability Details

GHSA

GHSA-pf7f-x7x4-c238: An issue was discovered in tnef before 1↗2022-05-14

▶

OSV

CVE-2017-6308: An issue was discovered in tnef before 1↗2017-02-24

▶

💥Exploits & PoCs

Nuclei

SAP NetWaver Security Checks

▶

📋Vendor Advisories

Debian

CVE-2017-6308: tnef - An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which ...↗2017

▶

📄Research Papers

arXiv

ReposVul: A Repository-Level High-Quality Vulnerability Dataset↗2024-02-08

▶

💬Community

Bugzilla

CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13 [fedora-all]↗2017-02-28

▶

Bugzilla

CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13↗2017-02-28

▶

Bugzilla

CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13 [epel-all]↗2017-02-28

▶