ID CVE-2017-17688
Summary The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*
  • cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*
    cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*
  • cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*
    cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*
    cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*
  • cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*
    cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*
    cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
  • cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*
    cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*
  • cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*
    cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*
  • cpe:2.3:a:roundcube:webmail:-:*:*:*:*:*:*:*
    cpe:2.3:a:roundcube:webmail:-:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 21-03-2024 - 02:28)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
bid 104162
confirm https://www.synology.com/support/security/Synology_SA_18_22
misc
sectrack 1040904
Last major update 21-03-2024 - 02:28
Published 16-05-2018 - 19:29
Last modified 21-03-2024 - 02:28
Back to Top