CVE-2022-4055: Improper Neutralization of Expression/Command Delimiters in Xdg-utils

Severity: 7.4 HIGH (NVD)
EPSS: 0.0% (top 88.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 19

Description

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 4.0

Affected Packages (4 packages)

Source: NVD | Package: freedesktop/xdg-utils | Versions: 1.1.0 to 1.1.3
Source: CVEListV5 | Package: freedesktop/xdg-utils | Versions: xdg-utils 1.1.0 to and including 1.1.3

Vulnerability Details (2 entries)

GHSA (2022-11-19): GHSA-p4jr-wm76-h2v3: When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird
OSV (2022-11-19): CVE-2022-4055: When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird

Vendor Advisories (3 entries)

Microsoft (2022-11-08): When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An atta
Red Hat (2022-08-03): xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments
Debian (2022): CVE-2022-4055: xdg-utils - When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing...