Описание
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1.4.18-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 1.4.18-1 |
| esm-apps/jammy | not-affected | 1.4.18-1 |
| esm-apps/noble | not-affected | 1.4.18-1 |
| esm-apps/xenial | released | 1.4.9-1+deb8u4build0.16.04.1 |
| esm-infra-legacy/trusty | DNE |
Показывать по
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
In tnef before 1.4.18, an attacker may be able to write to the victim' ...
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3