CVE-2017-17688

Опубликовано: 16 мая 2018

Источник: ubuntu

Приоритет: medium

CVSS2: 4.3

CVSS3: 5.9

Описание

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	2:2.0.8-1~ubuntu0.16.04.2
cosmic	not-affected	2:2.0.8-1~ubuntu0.16.04.2
devel	not-affected	2:2.0.8-1~ubuntu0.16.04.2
disco	not-affected	2:2.0.8-1~ubuntu0.16.04.2
esm-apps/bionic	not-affected	2:2.0.8-1~ubuntu0.16.04.2
esm-apps/xenial	not-affected	2:2.0.8-1~ubuntu0.16.04.2
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needs-triage]
precise/esm	DNE
trusty	ignored	end of standard support

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2017-17688

CVSS3: 5.3

redhat

больше 7 лет назад

CVE-2017-17688

CVSS3: 5.9

nvd

больше 7 лет назад

CVE-2017-17688

CVSS3: 5.9

debian

больше 7 лет назад

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleabi ...

GHSA-87q6-mg5f-mp98

CVSS3: 5.9

github

больше 3 лет назад

** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.

openSUSE-SU-2018:1393-1

suse-cvrf

больше 7 лет назад

Security update for enigmail

4.3 Medium

CVSS2

5.9 Medium

CVSS3

CVE-2017-17688

Описание

Пакет enigmail

Ссылки на источники

Связанные уязвимости