Vulnerability Details CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.2%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/104165
- https://efail.de
- https://news.ycombinator.com/item?id=17066419
- https://pastebin.com/gNCc8aYm
- https://twitter.com/matthew_d_green/status/996371541591019520
- https://www.synology.com/support/security/Synology_SA_18_22
- http://www.securityfocus.com/bid/104165
- https://efail.de
- https://news.ycombinator.com/item?id=17066419
- https://pastebin.com/gNCc8aYm
- https://twitter.com/matthew_d_green/status/996371541591019520
- https://www.synology.com/support/security/Synology_SA_18_22
Products affected by CVE-2017-17689
-
cpe:2.3:a:9folders:nine:-
-
cpe:2.3:a:apple:mail:-
-
cpe:2.3:a:bloop:airmail:-
-
cpe:2.3:a:emclient:emclient:-
-
cpe:2.3:a:flipdogsolutions:maildroid:-
-
cpe:2.3:a:freron:mailmate:-
-
cpe:2.3:a:gnome:evolution:-
-
cpe:2.3:a:google:gmail:-
-
cpe:2.3:a:horde:horde_imp:-
-
cpe:2.3:a:ibm:notes:-
-
cpe:2.3:a:kde:kmail:-
-
cpe:2.3:a:kde:trojita:-
-
cpe:2.3:a:microsoft:outlook:2007
-
cpe:2.3:a:microsoft:outlook:2010
-
cpe:2.3:a:microsoft:outlook:2013
-
cpe:2.3:a:microsoft:outlook:2016
-
cpe:2.3:a:mozilla:thunderbird:-
-
cpe:2.3:a:postbox-inc:postbox:-
-
cpe:2.3:a:r2mail2:r2mail2:-
-
cpe:2.3:a:ritlabs:the_bat:-