CVE-2019-10732

CWE-319 — Cleartext Transmission10 documents7 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 65.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux KDE Kmail

Timeline

PublishedApr 7

Latest updateSep 2

Description

In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶Debiankf5-messagelib< 4:19.08.3-1+1

▶NVDkde/kmail5.2.3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-87wx-cphx-3wgj: In KDE KMail 5↗2022-05-13

▶

CVEList

CVE-2019-10732: In KDE KMail 5↗2019-04-07

▶

OSV

CVE-2019-10732: In KDE KMail 5↗2019-04-07

▶

📋Vendor Advisories

Ubuntu

PIM Messagelib vulnerabilities↗2025-09-02

▶

Ubuntu

KDE PIM vulnerabilities↗2025-09-02

▶

Debian

CVE-2019-10732: kf5-messagelib - In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails ...↗2019

▶

💬Community

Bugzilla

CVE-2019-10732 kmail: decryption based on replying to PGP or S/MIME encrypted emails↗2019-04-10

▶

Bugzilla

CVE-2019-10732 kmail-account-wizard: kmail: decryption based on replying to PGP or S/MIME encrypted emails [fedora-all]↗2019-04-10

▶

Bugzilla

CVE-2019-10732 kmail: decryption based on replying to PGP or S/MIME encrypted emails [fedora-all]↗2019-04-10

▶