CVE-2017-17689

Опубликовано: 16 мая 2018

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

Ссылки

http://www.securityfocus.com/bid/104165
Third Party Advisory
VDB Entry
https://efail.de
Exploit
Mitigation
Third Party Advisory
https://news.ycombinator.com/item?id=17066419
Issue Tracking
Third Party Advisory
https://pastebin.com/gNCc8aYm
Third Party Advisory
https://twitter.com/matthew_d_green/status/996371541591019520
Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_22
Third Party Advisory
http://www.securityfocus.com/bid/104165
Third Party Advisory
VDB Entry
https://efail.de
Exploit
Mitigation
Third Party Advisory
https://news.ycombinator.com/item?id=17066419
Issue Tracking
Third Party Advisory
https://pastebin.com/gNCc8aYm
Third Party Advisory
https://twitter.com/matthew_d_green/status/996371541591019520
Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_22
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:9folders:nine:-:*:*:*:*:*:*:*

cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*

cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*

cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*

cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*

cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*

cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*

cpe:2.3:a:gnome:evolution:-:*:*:*:*:*:*:*

cpe:2.3:a:google:gmail:-:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*

cpe:2.3:a:ibm:notes:-:*:*:*:*:*:*:*

cpe:2.3:a:kde:kmail:-:*:*:*:*:*:*:*

cpe:2.3:a:kde:trojita:-:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:outlook:2010:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*

cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*

cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*

cpe:2.3:a:ritlabs:the_bat:-:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00822

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2017-17689

CVSS3: 5.9

ubuntu

больше 7 лет назад

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

CVE-2017-17689

CVSS3: 5.3

redhat

больше 7 лет назад

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

CVE-2017-17689

CVSS3: 5.9

debian

больше 7 лет назад

The S/MIME specification allows a Cipher Block Chaining (CBC) malleabi ...

GHSA-xv45-9768-g2mm

CVSS3: 5.9

github

больше 3 лет назад

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

openSUSE-SU-2018:1393-1

suse-cvrf

больше 7 лет назад

Security update for enigmail

EPSS

Процентиль: 74%

0.00822

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo