Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for emclient by emclient
VAR-201805-0227
Vulnerability from variot - Updated: 2024-05-17 19:19The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user's e-mail client. The discoverer can attack with this vulnerability "CBC/CFB gadget attack" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * CVE-2017-17688: OpenPGP CFB Attacks * CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, Articles provided by the discoverer Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. OpenPGP is prone to an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. OpenPGP is a set of email encryption standards that supports multiple platforms
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webmail",
"scope": "eq",
"trust": 1.6,
"vendor": "roundcube",
"version": null
},
{
"model": "emclient",
"scope": "eq",
"trust": 1.0,
"vendor": "emclient",
"version": null
},
{
"model": "imp",
"scope": "eq",
"trust": 1.0,
"vendor": "horde",
"version": null
},
{
"model": "mail",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "postbox",
"scope": "eq",
"trust": 1.0,
"vendor": "postbox",
"version": null
},
{
"model": "airmail",
"scope": "eq",
"trust": 1.0,
"vendor": "bloop",
"version": null
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"model": "maildroid",
"scope": "eq",
"trust": 1.0,
"vendor": "flipdogsolutions",
"version": null
},
{
"model": "r2mail2",
"scope": "eq",
"trust": 1.0,
"vendor": "r2mail2",
"version": null
},
{
"model": "mailmate",
"scope": "eq",
"trust": 1.0,
"vendor": "freron",
"version": null
},
{
"model": "outlook",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2007"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "9folders",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "airmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "evolution",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "flipdog",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gpgtools",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnupg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mailmate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postbox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "r2mail2",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ritlabs srl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "roundcube",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the enigmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the horde",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trojita",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "em client",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "round cube webmail",
"scope": "eq",
"trust": 0.3,
"vendor": "roundcube",
"version": "0"
},
{
"model": "r2mail2",
"scope": "eq",
"trust": 0.3,
"vendor": "r2mail2",
"version": "0"
},
{
"model": "postbox",
"scope": "eq",
"trust": 0.3,
"vendor": "postbox",
"version": "0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.5.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.5.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "12.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.20"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.13"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.12"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.024"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.19"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.17"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.15"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.13"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.12"
},
{
"model": "thunderbird beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.52"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.13"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "8.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "38.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "32.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.19"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.18"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.17"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.15"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.8.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "23.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.23"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.22"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.21"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.20"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.18"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "12.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "11.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "11.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.12"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.1"
},
{
"model": "thunderbird beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"model": "outlook",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20070"
},
{
"model": "project horde imp",
"scope": "eq",
"trust": 0.3,
"vendor": "horde",
"version": "0"
},
{
"model": "solutions maildroid",
"scope": "eq",
"trust": 0.3,
"vendor": "flipdog",
"version": "0"
},
{
"model": "enigmail",
"scope": "eq",
"trust": 0.3,
"vendor": "enigmail",
"version": "0"
},
{
"model": "client em client",
"scope": "eq",
"trust": 0.3,
"vendor": "em",
"version": "0"
},
{
"model": "mail",
"scope": null,
"trust": 0.3,
"vendor": "apple",
"version": null
},
{
"model": "airmail",
"scope": "eq",
"trust": 0.3,
"vendor": "airmail",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "BID",
"id": "104162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:roundcube:webmail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Damian Poddebniak, Christian Dresen, Jens M\u00fcller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jorg Schwenk.",
"sources": [
{
"db": "BID",
"id": "104162"
}
],
"trust": 0.3
},
"cve": "CVE-2017-17688",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-108735",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-17688",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-17688",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-725",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108735",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-17688",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108735"
},
{
"db": "VULMON",
"id": "CVE-2017-17688"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user\u0027s e-mail client. The discoverer can attack with this vulnerability \"CBC/CFB gadget attack\" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * *CVE-2017-17688: OpenPGP CFB Attacks * *CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, \u003ca href=\"https://efail.de/efail-attack-paper.pdf\" target=\"blank\"\u003e Articles provided by the discoverer \u003c/a\u003e Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. OpenPGP is prone to an information disclosure vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. OpenPGP is a set of email encryption standards that supports multiple platforms",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17688"
},
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "BID",
"id": "104162"
},
{
"db": "VULHUB",
"id": "VHN-108735"
},
{
"db": "VULMON",
"id": "CVE-2017-17688"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17688",
"trust": 2.9
},
{
"db": "BID",
"id": "104162",
"trust": 2.1
},
{
"db": "CERT/CC",
"id": "VU#122919",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1040904",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU95575473",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-725",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-108735",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-17688",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "VULHUB",
"id": "VHN-108735"
},
{
"db": "VULMON",
"id": "CVE-2017-17688"
},
{
"db": "BID",
"id": "104162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"id": "VAR-201805-0227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-108735"
}
],
"trust": 0.01
},
"last_update_date": "2024-05-17T19:19:57.881000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Debian CVElist Bug Report Logs: enigmail: efail attack against enigmail",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=56a8018aac811c8d81b81ef5a6c3623a"
},
{
"title": "Red Hat: CVE-2017-17688",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-17688"
},
{
"title": "Efail-malleability-gadget-exploit",
"trust": 0.1,
"url": "https://github.com/jaads/efail-malleability-gadget-exploit "
},
{
"title": "more\nBoring bugs",
"trust": 0.1,
"url": "https://github.com/hannob/pgpbugs "
},
{
"title": "SecDB - Security Feeds",
"trust": 0.1,
"url": "https://github.com/giterlizzi/secdb-feeds "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/05/14/smime_pgp_encryption_flaw_emails_vulnerable_to_snooping/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-17688"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108735"
},
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://efail.de/"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/104162"
},
{
"trust": 1.8,
"url": "https://www.synology.com/support/security/synology_sa_18_22"
},
{
"trust": 1.8,
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"trust": 1.8,
"url": "https://efail.de"
},
{
"trust": 1.8,
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-may/060334.html"
},
{
"trust": 1.8,
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"trust": 1.8,
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"trust": 1.8,
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"trust": 1.8,
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1040904"
},
{
"trust": 1.6,
"url": "https://efail.de/efail-attack-paper.pdf"
},
{
"trust": 1.2,
"url": "https://www.kb.cert.org/vuls/id/122919"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc4880"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17689"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17688"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95575473/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17689"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17688"
},
{
"trust": 0.3,
"url": "https://www.openpgp.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577906"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-17688"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898630"
},
{
"trust": 0.1,
"url": "https://github.com/jaads/efail-malleability-gadget-exploit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "VULHUB",
"id": "VHN-108735"
},
{
"db": "VULMON",
"id": "CVE-2017-17688"
},
{
"db": "BID",
"id": "104162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "VULHUB",
"id": "VHN-108735"
},
{
"db": "VULMON",
"id": "CVE-2017-17688"
},
{
"db": "BID",
"id": "104162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-14T00:00:00",
"db": "CERT/CC",
"id": "VU#122919"
},
{
"date": "2018-05-16T00:00:00",
"db": "VULHUB",
"id": "VHN-108735"
},
{
"date": "2018-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17688"
},
{
"date": "2018-05-14T00:00:00",
"db": "BID",
"id": "104162"
},
{
"date": "2018-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"date": "2017-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"date": "2018-05-16T19:29:00.223000",
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-15T00:00:00",
"db": "CERT/CC",
"id": "VU#122919"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108735"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17688"
},
{
"date": "2018-05-15T10:00:00",
"db": "BID",
"id": "104162"
},
{
"date": "2018-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"date": "2024-05-17T01:16:13.807000",
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenPGP and S/MIME mail client vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
}
],
"trust": 0.6
}
}
VAR-201805-0228
Vulnerability from variot - Updated: 2024-02-13 20:51The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user's e-mail client. The discoverer can attack with this vulnerability "CBC/CFB gadget attack" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * CVE-2017-17688: OpenPGP CFB Attacks * CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, Articles provided by the discoverer Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. S/MIME is a certificate implementation for email encryption. A security vulnerability exists in S/MIME. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4244-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 13, 2018 https://www.debian.org/security/faq
Package : thunderbird CVE ID : CVE-2017-17689 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
For the stable distribution (stretch), these problems have been fixed in version 1:52.9.1-1~deb9u1.
We recommend that you upgrade your thunderbird packages.
For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltI+2sACgkQEMKTtsN8 TjZXHRAAgOmSvTwwmmzxRH/4tSSpndZCFCtkHrG5PU5D3XesLGnWpNZk9aINsaU2 ih3fmEKzQgHHfAzK3d9TcGjyiI+PoVuWkVknsVqTrHd+xQtxUs7B/5Pfz5WKiYDJ QJ4NhjTgHHystYa0j2CvK28/ZoPVZgwnc/D051ChTInPWXimJI+TxpsndW/NPuaJ SphoPP34OMO2EARjrKCxiL6NRv6kD4CJv0AgoYfdO0qPXomuA8HpDAH1itd7GbRq yVJoZRnpz9dGjJSM5wyFCc1BIqmA/CMphhmqiRTuFBA+rOSEDblzfc2tg9t82CVQ caA7rF3VrYx8qmgpP3akCju+SDOEWLerFGHH1iaQ+GBqiXvduvMl/MSXCZmVZzIC 92Ko2m9kURkak4yKccEbHJ5Vh8i0oLUOc+Ee3MUUfWUblYbCcB4z34p9hRwc8u83 mmGUbsq+qWvdcd9NkekKC/ENQZt4Egb3doeEzqSkaa4uhFaQ1gGosHXGslNTCqLl 6RyeFON9Q5CWphQET+rmnlcJ8B1cSHgpG1ZTN6szlsQpiVgcRu/JYrgyzX9Y6WdY rAape6t+gsEeLOP7n9pZ/KYSadUF5CvYY/nX9H6kJO1RmG9y0A+8wAEuW+nSOMMJ vh2U09+y5XJHQqV0MMTKbnadxlyi8Oerc0zrYaoBuYhR7wmvkus= =R2OH -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0228",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "the bat",
"scope": "eq",
"trust": 1.6,
"vendor": "ritlabs",
"version": null
},
{
"model": "outlook",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "2013"
},
{
"model": "outlook",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2007"
},
{
"model": "kmail",
"scope": "eq",
"trust": 1.0,
"vendor": "kde",
"version": null
},
{
"model": "maildroid",
"scope": "eq",
"trust": 1.0,
"vendor": "flipdogsolutions",
"version": null
},
{
"model": "imp",
"scope": "eq",
"trust": 1.0,
"vendor": "horde",
"version": null
},
{
"model": "notes",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "outlook",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2010"
},
{
"model": "trojita",
"scope": "eq",
"trust": 1.0,
"vendor": "kde",
"version": null
},
{
"model": "emclient",
"scope": "eq",
"trust": 1.0,
"vendor": "emclient",
"version": null
},
{
"model": "outlook",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2016"
},
{
"model": "gmail",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": null
},
{
"model": "mailmate",
"scope": "eq",
"trust": 1.0,
"vendor": "freron",
"version": null
},
{
"model": "mail",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "airmail",
"scope": "eq",
"trust": 1.0,
"vendor": "bloop",
"version": null
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"model": "postbox",
"scope": "eq",
"trust": 1.0,
"vendor": "postbox",
"version": null
},
{
"model": "evolution",
"scope": "eq",
"trust": 1.0,
"vendor": "gnome",
"version": null
},
{
"model": "nine",
"scope": "eq",
"trust": 1.0,
"vendor": "9folders",
"version": null
},
{
"model": "r2mail2",
"scope": "eq",
"trust": 1.0,
"vendor": "r2mail2",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "9folders",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "airmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "evolution",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "flipdog",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gpgtools",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnupg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mailmate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postbox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "r2mail2",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ritlabs srl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "roundcube",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the enigmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the horde",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trojita",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "em client",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "r2mail2",
"scope": "eq",
"trust": 0.3,
"vendor": "r2mail2",
"version": "0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.5.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.5.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "12.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.20"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.13"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.12"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.024"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.19"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.17"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.15"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.13"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.12"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "38.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "32.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.19"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.18"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.17"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.15"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.8.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "23.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.23"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.22"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.21"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.20"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.18"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "12.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "11.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "11.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.12"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.1"
},
{
"model": "outlook",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20100"
},
{
"model": "outlook",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20070"
},
{
"model": "kmail",
"scope": null,
"trust": 0.3,
"vendor": "kde",
"version": null
},
{
"model": "lotus inotes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "gmail for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "mailmate",
"scope": "eq",
"trust": 0.3,
"vendor": "freron",
"version": "0"
},
{
"model": "mail",
"scope": null,
"trust": 0.3,
"vendor": "apple",
"version": null
},
{
"model": "airmail",
"scope": "eq",
"trust": 0.3,
"vendor": "airmail",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "BID",
"id": "104165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnome:evolution:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:notes:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:9folders:nine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kde:kmail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ritlabs:the_bat:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:outlook:2010:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:gmail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kde:trojita:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Damian Poddebniak, Christian Dresen, Jens Muller, Fabian Ising, Sebastian Schinzel1, Simon Friedberger, Juraj Somorovsky, and Jorg Schwenk",
"sources": [
{
"db": "BID",
"id": "104165"
}
],
"trust": 0.3
},
"cve": "CVE-2017-17689",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-108736",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-17689",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-17689",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-724",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108736",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-17689",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108736"
},
{
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user\u0027s e-mail client. The discoverer can attack with this vulnerability \"CBC/CFB gadget attack\" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * *CVE-2017-17688: OpenPGP CFB Attacks * *CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, \u003ca href=\"https://efail.de/efail-attack-paper.pdf\" target=\"blank\"\u003e Articles provided by the discoverer \u003c/a\u003e Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. S/MIME is a certificate implementation for email encryption. A security vulnerability exists in S/MIME. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4244-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 13, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nCVE ID : CVE-2017-17689 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 \n CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 \n CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374\n\nMultiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code, denial of service or attacks on\nencrypted emails. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:52.9.1-1~deb9u1. \n\nWe recommend that you upgrade your thunderbird packages. \n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltI+2sACgkQEMKTtsN8\nTjZXHRAAgOmSvTwwmmzxRH/4tSSpndZCFCtkHrG5PU5D3XesLGnWpNZk9aINsaU2\nih3fmEKzQgHHfAzK3d9TcGjyiI+PoVuWkVknsVqTrHd+xQtxUs7B/5Pfz5WKiYDJ\nQJ4NhjTgHHystYa0j2CvK28/ZoPVZgwnc/D051ChTInPWXimJI+TxpsndW/NPuaJ\nSphoPP34OMO2EARjrKCxiL6NRv6kD4CJv0AgoYfdO0qPXomuA8HpDAH1itd7GbRq\nyVJoZRnpz9dGjJSM5wyFCc1BIqmA/CMphhmqiRTuFBA+rOSEDblzfc2tg9t82CVQ\ncaA7rF3VrYx8qmgpP3akCju+SDOEWLerFGHH1iaQ+GBqiXvduvMl/MSXCZmVZzIC\n92Ko2m9kURkak4yKccEbHJ5Vh8i0oLUOc+Ee3MUUfWUblYbCcB4z34p9hRwc8u83\nmmGUbsq+qWvdcd9NkekKC/ENQZt4Egb3doeEzqSkaa4uhFaQ1gGosHXGslNTCqLl\n6RyeFON9Q5CWphQET+rmnlcJ8B1cSHgpG1ZTN6szlsQpiVgcRu/JYrgyzX9Y6WdY\nrAape6t+gsEeLOP7n9pZ/KYSadUF5CvYY/nX9H6kJO1RmG9y0A+8wAEuW+nSOMMJ\nvh2U09+y5XJHQqV0MMTKbnadxlyi8Oerc0zrYaoBuYhR7wmvkus=\n=R2OH\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17689"
},
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "BID",
"id": "104165"
},
{
"db": "VULHUB",
"id": "VHN-108736"
},
{
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"db": "PACKETSTORM",
"id": "148553"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17689",
"trust": 3.0
},
{
"db": "BID",
"id": "104165",
"trust": 2.1
},
{
"db": "CERT/CC",
"id": "VU#122919",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU95575473",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-724",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "148553",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-108736",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-17689",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "VULHUB",
"id": "VHN-108736"
},
{
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"db": "BID",
"id": "104165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "PACKETSTORM",
"id": "148553"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"id": "VAR-201805-0228",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-108736"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T20:51:14.099000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: CVE-2017-17689",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-17689"
},
{
"title": "Efail-malleability-gadget-exploit",
"trust": 0.1,
"url": "https://github.com/jaads/efail-malleability-gadget-exploit "
},
{
"title": "SecDB - Security Feeds",
"trust": 0.1,
"url": "https://github.com/giterlizzi/secdb-feeds "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/05/14/smime_pgp_encryption_flaw_emails_vulnerable_to_snooping/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-17689"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108736"
},
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://efail.de/"
},
{
"trust": 1.9,
"url": "https://efail.de/efail-attack-paper.pdf"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/104165"
},
{
"trust": 1.8,
"url": "https://www.synology.com/support/security/synology_sa_18_22"
},
{
"trust": 1.8,
"url": "https://efail.de"
},
{
"trust": 1.8,
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"trust": 1.8,
"url": "https://pastebin.com/gncc8aym"
},
{
"trust": 1.8,
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"trust": 1.2,
"url": "https://www.kb.cert.org/vuls/id/122919"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17689"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc4880"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17689"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17688"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95575473/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17688"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577909"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-17689"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/jaads/efail-malleability-gadget-exploit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12373"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5188"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12366"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12374"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12364"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12359"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/thunderbird"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "VULHUB",
"id": "VHN-108736"
},
{
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"db": "BID",
"id": "104165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "PACKETSTORM",
"id": "148553"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "VULHUB",
"id": "VHN-108736"
},
{
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"db": "BID",
"id": "104165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "PACKETSTORM",
"id": "148553"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-14T00:00:00",
"db": "CERT/CC",
"id": "VU#122919"
},
{
"date": "2018-05-16T00:00:00",
"db": "VULHUB",
"id": "VHN-108736"
},
{
"date": "2018-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"date": "2018-05-14T00:00:00",
"db": "BID",
"id": "104165"
},
{
"date": "2018-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"date": "2018-07-14T12:12:00",
"db": "PACKETSTORM",
"id": "148553"
},
{
"date": "2017-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"date": "2018-05-16T19:29:00.303000",
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-15T00:00:00",
"db": "CERT/CC",
"id": "VU#122919"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108736"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"date": "2018-05-14T00:00:00",
"db": "BID",
"id": "104165"
},
{
"date": "2018-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenPGP and S/MIME mail client vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
}
],
"trust": 0.6
}
}
CVE-2017-17688 (GCVE-0-2017-17688)
Vulnerability from cvelistv5 – Published: 2018-05-16 19:00 – Updated: 2024-08-05 20:59 Disputed
VLAI
Summary
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://protonmail.com/blog/pgp-vulnerability-efail | x_refsource_MISC |
| https://news.ycombinator.com/item?id=17066419 | x_refsource_MISC |
| https://www.patreon.com/posts/cybersecurity-15-18814817 | x_refsource_MISC |
| http://flaked.sockpuppet.org/2018/05/16/a-unified… | x_refsource_MISC |
| http://www.securityfocus.com/bid/104162 | vdb-entryx_refsource_BID |
| https://lists.gnupg.org/pipermail/gnupg-users/201… | x_refsource_MISC |
| https://efail.de | x_refsource_MISC |
| https://twitter.com/matthew_d_green/status/995996… | x_refsource_MISC |
| https://www.synology.com/support/security/Synolog… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1040904 | vdb-entryx_refsource_SECTRACK |
Date Public
2018-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"name": "104162",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104162"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"name": "1040904",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"name": "104162",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104162"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"name": "1040904",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040904"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://protonmail.com/blog/pgp-vulnerability-efail",
"refsource": "MISC",
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"name": "https://news.ycombinator.com/item?id=17066419",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"name": "https://www.patreon.com/posts/cybersecurity-15-18814817",
"refsource": "MISC",
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"name": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html",
"refsource": "MISC",
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"name": "104162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104162"
},
{
"name": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html",
"refsource": "MISC",
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"name": "https://efail.de",
"refsource": "MISC",
"url": "https://efail.de"
},
{
"name": "https://twitter.com/matthew_d_green/status/995996706457243648",
"refsource": "MISC",
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_22",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"name": "1040904",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17688",
"datePublished": "2018-05-16T19:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:59:17.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17689 (GCVE-0-2017-17689)
Vulnerability from cvelistv5 – Published: 2018-05-16 19:00 – Updated: 2024-08-05 20:59
VLAI
Summary
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://news.ycombinator.com/item?id=17066419 | x_refsource_MISC |
| https://pastebin.com/gNCc8aYm | x_refsource_MISC |
| http://www.securityfocus.com/bid/104165 | vdb-entryx_refsource_BID |
| https://twitter.com/matthew_d_green/status/996371… | x_refsource_MISC |
| https://efail.de | x_refsource_MISC |
| https://www.synology.com/support/security/Synolog… | x_refsource_CONFIRM |
Date Public
2018-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/gNCc8aYm"
},
{
"name": "104165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104165"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/gNCc8aYm"
},
{
"name": "104165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104165"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://news.ycombinator.com/item?id=17066419",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"name": "https://pastebin.com/gNCc8aYm",
"refsource": "MISC",
"url": "https://pastebin.com/gNCc8aYm"
},
{
"name": "104165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104165"
},
{
"name": "https://twitter.com/matthew_d_green/status/996371541591019520",
"refsource": "MISC",
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"name": "https://efail.de",
"refsource": "MISC",
"url": "https://efail.de"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_22",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17689",
"datePublished": "2018-05-16T19:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:59:17.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17688 (GCVE-0-2017-17688)
Vulnerability from nvd – Published: 2018-05-16 19:00 – Updated: 2024-08-05 20:59 Disputed
VLAI
Summary
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://protonmail.com/blog/pgp-vulnerability-efail | x_refsource_MISC |
| https://news.ycombinator.com/item?id=17066419 | x_refsource_MISC |
| https://www.patreon.com/posts/cybersecurity-15-18814817 | x_refsource_MISC |
| http://flaked.sockpuppet.org/2018/05/16/a-unified… | x_refsource_MISC |
| http://www.securityfocus.com/bid/104162 | vdb-entryx_refsource_BID |
| https://lists.gnupg.org/pipermail/gnupg-users/201… | x_refsource_MISC |
| https://efail.de | x_refsource_MISC |
| https://twitter.com/matthew_d_green/status/995996… | x_refsource_MISC |
| https://www.synology.com/support/security/Synolog… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1040904 | vdb-entryx_refsource_SECTRACK |
Date Public
2018-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"name": "104162",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104162"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"name": "1040904",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"name": "104162",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104162"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"name": "1040904",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040904"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://protonmail.com/blog/pgp-vulnerability-efail",
"refsource": "MISC",
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"name": "https://news.ycombinator.com/item?id=17066419",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"name": "https://www.patreon.com/posts/cybersecurity-15-18814817",
"refsource": "MISC",
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"name": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html",
"refsource": "MISC",
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"name": "104162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104162"
},
{
"name": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html",
"refsource": "MISC",
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"name": "https://efail.de",
"refsource": "MISC",
"url": "https://efail.de"
},
{
"name": "https://twitter.com/matthew_d_green/status/995996706457243648",
"refsource": "MISC",
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_22",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"name": "1040904",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17688",
"datePublished": "2018-05-16T19:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:59:17.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17689 (GCVE-0-2017-17689)
Vulnerability from nvd – Published: 2018-05-16 19:00 – Updated: 2024-08-05 20:59
VLAI
Summary
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://news.ycombinator.com/item?id=17066419 | x_refsource_MISC |
| https://pastebin.com/gNCc8aYm | x_refsource_MISC |
| http://www.securityfocus.com/bid/104165 | vdb-entryx_refsource_BID |
| https://twitter.com/matthew_d_green/status/996371… | x_refsource_MISC |
| https://efail.de | x_refsource_MISC |
| https://www.synology.com/support/security/Synolog… | x_refsource_CONFIRM |
Date Public
2018-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/gNCc8aYm"
},
{
"name": "104165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104165"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/gNCc8aYm"
},
{
"name": "104165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104165"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://news.ycombinator.com/item?id=17066419",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"name": "https://pastebin.com/gNCc8aYm",
"refsource": "MISC",
"url": "https://pastebin.com/gNCc8aYm"
},
{
"name": "104165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104165"
},
{
"name": "https://twitter.com/matthew_d_green/status/996371541591019520",
"refsource": "MISC",
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"name": "https://efail.de",
"refsource": "MISC",
"url": "https://efail.de"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_22",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17689",
"datePublished": "2018-05-16T19:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:59:17.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}