CVE-2017-6309 — Out-of-bounds Read in Tnef

CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write7 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 36.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tnef Project Tnef Debian Tnef Debian Linux

Timeline

PublishedFeb 24

Latest updateMay 14

Description

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/tnef< tnef 1.4.12-1.1 (bookworm)

▶Debiantnef_project/tnef< 1.4.12-1.1+3

▶NVDtnef_project/tnef1.4.12

Also affects: Debian Linux 8.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: www.x41-dsec.de ↗

🔴Vulnerability Details

GHSA

GHSA-69j8-qm33-j976: An issue was discovered in tnef before 1↗2022-05-14

▶

OSV

CVE-2017-6309: An issue was discovered in tnef before 1↗2017-02-24

▶

📋Vendor Advisories

Debian

CVE-2017-6309: tnef - An issue was discovered in tnef before 1.4.13. Two type confusions have been ide...↗2017

▶

💬Community

Bugzilla

CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13 [fedora-all]↗2017-02-28

▶

Bugzilla

CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13↗2017-02-28

▶

Bugzilla

CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13 [epel-all]↗2017-02-28

▶