Vulnerability Details CVE-2012-1103
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.5%
CVSS Severity
CVSS v2 Score 4.3
References
- http://git.notmuchmail.org/git/notmuch/blobdiff/3f2050ac221a4c940c12442f156f12fff11600c6..ae438ccd8c77831158c7c30f19710d798ee4a6b4:/emacs/notmuch-mua.el
- http://notmuchmail.org/news/release-0.11.1/
- http://secunia.com/advisories/48139
- http://www.debian.org/security/2012/dsa-2416
- http://www.openwall.com/lists/oss-security/2012/03/04/5
- http://www.openwall.com/lists/oss-security/2012/03/05/6
- http://www.securityfocus.com/bid/52155
- http://git.notmuchmail.org/git/notmuch/blobdiff/3f2050ac221a4c940c12442f156f12fff11600c6..ae438ccd8c77831158c7c30f19710d798ee4a6b4:/emacs/notmuch-mua.el
- http://notmuchmail.org/news/release-0.11.1/
- http://secunia.com/advisories/48139
- http://www.debian.org/security/2012/dsa-2416
- http://www.openwall.com/lists/oss-security/2012/03/04/5
- http://www.openwall.com/lists/oss-security/2012/03/05/6
- http://www.securityfocus.com/bid/52155
Products affected by CVE-2012-1103
-
cpe:2.3:a:gnu:emacs:-
-
cpe:2.3:a:notmuchmail:notmuch:*
-
cpe:2.3:a:notmuchmail:notmuch:0.1
-
cpe:2.3:a:notmuchmail:notmuch:0.1.1
-
cpe:2.3:a:notmuchmail:notmuch:0.10
-
cpe:2.3:a:notmuchmail:notmuch:0.10.1
-
cpe:2.3:a:notmuchmail:notmuch:0.10.2
-
cpe:2.3:a:notmuchmail:notmuch:0.11
-
cpe:2.3:a:notmuchmail:notmuch:0.2
-
cpe:2.3:a:notmuchmail:notmuch:0.3
-
cpe:2.3:a:notmuchmail:notmuch:0.3.1
-
cpe:2.3:a:notmuchmail:notmuch:0.4
-
cpe:2.3:a:notmuchmail:notmuch:0.5
-
cpe:2.3:a:notmuchmail:notmuch:0.6
-
cpe:2.3:a:notmuchmail:notmuch:0.6.1
-
cpe:2.3:a:notmuchmail:notmuch:0.7
-
cpe:2.3:a:notmuchmail:notmuch:0.8
-
cpe:2.3:a:notmuchmail:notmuch:0.9