ID CVE-2017-17689
Summary The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
References
Vulnerable Configurations
  • cpe:2.3:a:9folders:nine:-:*:*:*:*:*:*:*
    cpe:2.3:a:9folders:nine:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*
    cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*
    cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*
  • cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*
    cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*
  • cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*
    cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*
  • cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*
    cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:evolution:-:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:evolution:-:*:*:*:*:*:*:*
  • cpe:2.3:a:google:gmail:-:*:*:*:*:*:*:*
    cpe:2.3:a:google:gmail:-:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:notes:-:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:notes:-:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:kmail:-:*:*:*:*:*:*:*
    cpe:2.3:a:kde:kmail:-:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:trojita:-:*:*:*:*:*:*:*
    cpe:2.3:a:kde:trojita:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:outlook:2010:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:outlook:2010:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
  • cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*
    cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*
  • cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*
    cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*
  • cpe:2.3:a:ritlabs:the_bat:-:*:*:*:*:*:*:*
    cpe:2.3:a:ritlabs:the_bat:-:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
bid 104165
confirm https://www.synology.com/support/security/Synology_SA_18_22
misc
Last major update 03-10-2019 - 00:03
Published 16-05-2018 - 19:29
Back to Top