Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by tnef_project
CVE-2019-18849 (GCVE-0-2019-18849)
Vulnerability from cvelistv5 – Published: 2019-11-11 03:21 – Updated: 2024-08-05 02:02
VLAI
Summary
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/verdammelt/tnef/pull/40 | x_refsource_MISC |
| https://github.com/verdammelt/tnef/compare/1.4.17… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://usn.ubuntu.com/4524-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verdammelt/tnef/pull/40"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2005-1] tnef security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00035.html"
},
{
"name": "FEDORA-2019-5f14b810f8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/"
},
{
"name": "FEDORA-2019-815807c020",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/"
},
{
"name": "USN-4524-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4524-1/"
},
{
"name": "[debian-lts-announce] 20210823 [SECURITY] [DLA 2748-1] tnef security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In tnef before 1.4.18, an attacker may be able to write to the victim\u0027s .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T18:06:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verdammelt/tnef/pull/40"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2005-1] tnef security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00035.html"
},
{
"name": "FEDORA-2019-5f14b810f8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/"
},
{
"name": "FEDORA-2019-815807c020",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/"
},
{
"name": "USN-4524-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4524-1/"
},
{
"name": "[debian-lts-announce] 20210823 [SECURITY] [DLA 2748-1] tnef security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In tnef before 1.4.18, an attacker may be able to write to the victim\u0027s .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/verdammelt/tnef/pull/40",
"refsource": "MISC",
"url": "https://github.com/verdammelt/tnef/pull/40"
},
{
"name": "https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18",
"refsource": "MISC",
"url": "https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2005-1] tnef security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00035.html"
},
{
"name": "FEDORA-2019-5f14b810f8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/"
},
{
"name": "FEDORA-2019-815807c020",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/"
},
{
"name": "USN-4524-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4524-1/"
},
{
"name": "[debian-lts-announce] 20210823 [SECURITY] [DLA 2748-1] tnef security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18849",
"datePublished": "2019-11-11T03:21:55.000Z",
"dateReserved": "2019-11-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:02:39.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8911 (GCVE-0-2017-8911)
Vulnerability from cvelistv5 – Published: 2017-05-12 06:54 – Updated: 2024-08-05 16:48
VLAI
Summary
An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/verdammelt/tnef/issues/23 | x_refsource_MISC |
| http://www.debian.org/security/2017/dsa-3869 | vendor-advisoryx_refsource_DEBIAN |
| https://security.gentoo.org/glsa/201708-02 | vendor-advisoryx_refsource_GENTOO |
Date Public
2017-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verdammelt/tnef/issues/23"
},
{
"name": "DSA-3869",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3869"
},
{
"name": "GLSA-201708-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201708-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verdammelt/tnef/issues/23"
},
{
"name": "DSA-3869",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3869"
},
{
"name": "GLSA-201708-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201708-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/verdammelt/tnef/issues/23",
"refsource": "MISC",
"url": "https://github.com/verdammelt/tnef/issues/23"
},
{
"name": "DSA-3869",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3869"
},
{
"name": "GLSA-201708-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8911",
"datePublished": "2017-05-12T06:54:00.000Z",
"dateReserved": "2017-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:48:22.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6310 (GCVE-0-2017-6310)
Vulnerability from cvelistv5 – Published: 2017-02-24 04:23 – Updated: 2024-08-05 15:25
VLAI
Summary
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/verdammelt/tnef/blob/master/Ch… | x_refsource_MISC |
| http://www.securityfocus.com/bid/96427 | vdb-entryx_refsource_BID |
| https://www.x41-dsec.de/lab/advisories/x41-2017-0… | x_refsource_MISC |
| http://www.debian.org/security/2017/dsa-3798 | vendor-advisoryx_refsource_DEBIAN |
| https://security.gentoo.org/glsa/201708-02 | vendor-advisoryx_refsource_GENTOO |
| https://github.com/verdammelt/tnef/commit/8dccf79… | x_refsource_MISC |
Date Public
2017-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verdammelt/tnef/blob/master/ChangeLog"
},
{
"name": "96427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96427"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"
},
{
"name": "DSA-3798",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3798"
},
{
"name": "GLSA-201708-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201708-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verdammelt/tnef/blob/master/ChangeLog"
},
{
"name": "96427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96427"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"
},
{
"name": "DSA-3798",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3798"
},
{
"name": "GLSA-201708-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201708-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/verdammelt/tnef/blob/master/ChangeLog",
"refsource": "MISC",
"url": "https://github.com/verdammelt/tnef/blob/master/ChangeLog"
},
{
"name": "96427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96427"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"
},
{
"name": "DSA-3798",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3798"
},
{
"name": "GLSA-201708-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-02"
},
{
"name": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d",
"refsource": "MISC",
"url": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6310",
"datePublished": "2017-02-24T04:23:00.000Z",
"dateReserved": "2017-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:25:48.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6308 (GCVE-0-2017-6308)
Vulnerability from cvelistv5 – Published: 2017-02-24 04:23 – Updated: 2024-08-05 15:25
VLAI
Summary
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/verdammelt/tnef/blob/master/Ch… | x_refsource_MISC |
| http://www.securityfocus.com/bid/96427 | vdb-entryx_refsource_BID |
| https://www.x41-dsec.de/lab/advisories/x41-2017-0… | x_refsource_MISC |
| https://github.com/verdammelt/tnef/commit/c504468… | x_refsource_MISC |
| http://www.debian.org/security/2017/dsa-3798 | vendor-advisoryx_refsource_DEBIAN |
| https://security.gentoo.org/glsa/201708-02 | vendor-advisoryx_refsource_GENTOO |
Date Public
2017-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verdammelt/tnef/blob/master/ChangeLog"
},
{
"name": "96427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96427"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176"
},
{
"name": "DSA-3798",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3798"
},
{
"name": "GLSA-201708-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201708-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verdammelt/tnef/blob/master/ChangeLog"
},
{
"name": "96427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96427"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176"
},
{
"name": "DSA-3798",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3798"
},
{
"name": "GLSA-201708-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201708-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/verdammelt/tnef/blob/master/ChangeLog",
"refsource": "MISC",
"url": "https://github.com/verdammelt/tnef/blob/master/ChangeLog"
},
{
"name": "96427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96427"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"
},
{
"name": "https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176",
"refsource": "MISC",
"url": "https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176"
},
{
"name": "DSA-3798",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3798"
},
{
"name": "GLSA-201708-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6308",
"datePublished": "2017-02-24T04:23:00.000Z",
"dateReserved": "2017-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:25:49.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6309 (GCVE-0-2017-6309)
Vulnerability from cvelistv5 – Published: 2017-02-24 04:23 – Updated: 2024-08-05 15:25
VLAI
Summary
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/verdammelt/tnef/blob/master/Ch… | x_refsource_MISC |
| http://www.securityfocus.com/bid/96427 | vdb-entryx_refsource_BID |
| https://www.x41-dsec.de/lab/advisories/x41-2017-0… | x_refsource_MISC |
| http://www.debian.org/security/2017/dsa-3798 | vendor-advisoryx_refsource_DEBIAN |
| https://security.gentoo.org/glsa/201708-02 | vendor-advisoryx_refsource_GENTOO |
| https://github.com/verdammelt/tnef/commit/8dccf79… | x_refsource_MISC |
Date Public
2017-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verdammelt/tnef/blob/master/ChangeLog"
},
{
"name": "96427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96427"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"
},
{
"name": "DSA-3798",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3798"
},
{
"name": "GLSA-201708-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201708-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verdammelt/tnef/blob/master/ChangeLog"
},
{
"name": "96427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96427"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"
},
{
"name": "DSA-3798",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3798"
},
{
"name": "GLSA-201708-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201708-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/verdammelt/tnef/blob/master/ChangeLog",
"refsource": "MISC",
"url": "https://github.com/verdammelt/tnef/blob/master/ChangeLog"
},
{
"name": "96427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96427"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"
},
{
"name": "DSA-3798",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3798"
},
{
"name": "GLSA-201708-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-02"
},
{
"name": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d",
"refsource": "MISC",
"url": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6309",
"datePublished": "2017-02-24T04:23:00.000Z",
"dateReserved": "2017-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:25:48.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6307 (GCVE-0-2017-6307)
Vulnerability from cvelistv5 – Published: 2017-02-24 04:23 – Updated: 2024-08-05 15:25
VLAI
Summary
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/verdammelt/tnef/blob/master/Ch… | x_refsource_MISC |
| http://www.securityfocus.com/bid/96427 | vdb-entryx_refsource_BID |
| https://www.x41-dsec.de/lab/advisories/x41-2017-0… | x_refsource_MISC |
| https://github.com/verdammelt/tnef/commit/1a17af1… | x_refsource_MISC |
| http://www.debian.org/security/2017/dsa-3798 | vendor-advisoryx_refsource_DEBIAN |
| https://security.gentoo.org/glsa/201708-02 | vendor-advisoryx_refsource_GENTOO |
Date Public
2017-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verdammelt/tnef/blob/master/ChangeLog"
},
{
"name": "96427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96427"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a"
},
{
"name": "DSA-3798",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3798"
},
{
"name": "GLSA-201708-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201708-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verdammelt/tnef/blob/master/ChangeLog"
},
{
"name": "96427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96427"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a"
},
{
"name": "DSA-3798",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3798"
},
{
"name": "GLSA-201708-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201708-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/verdammelt/tnef/blob/master/ChangeLog",
"refsource": "MISC",
"url": "https://github.com/verdammelt/tnef/blob/master/ChangeLog"
},
{
"name": "96427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96427"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"
},
{
"name": "https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a",
"refsource": "MISC",
"url": "https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a"
},
{
"name": "DSA-3798",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3798"
},
{
"name": "GLSA-201708-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6307",
"datePublished": "2017-02-24T04:23:00.000Z",
"dateReserved": "2017-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:25:48.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}