Search

Find a vulnerability

Search criteria

    12 vulnerabilities by bloop

    VAR-201805-0228

    Vulnerability from variot - Updated: 2024-11-23 20:59

    The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user's e-mail client. The discoverer can attack with this vulnerability "CBC/CFB gadget attack" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * CVE-2017-17688: OpenPGP CFB Attacks * CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, Articles provided by the discoverer Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. S/MIME is a certificate implementation for email encryption. A security vulnerability exists in S/MIME. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


    Debian Security Advisory DSA-4244-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 13, 2018 https://www.debian.org/security/faq


    Package : thunderbird CVE ID : CVE-2017-17689 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374

    Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.

    For the stable distribution (stretch), these problems have been fixed in version 1:52.9.1-1~deb9u1.

    We recommend that you upgrade your thunderbird packages.

    For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltI+2sACgkQEMKTtsN8 TjZXHRAAgOmSvTwwmmzxRH/4tSSpndZCFCtkHrG5PU5D3XesLGnWpNZk9aINsaU2 ih3fmEKzQgHHfAzK3d9TcGjyiI+PoVuWkVknsVqTrHd+xQtxUs7B/5Pfz5WKiYDJ QJ4NhjTgHHystYa0j2CvK28/ZoPVZgwnc/D051ChTInPWXimJI+TxpsndW/NPuaJ SphoPP34OMO2EARjrKCxiL6NRv6kD4CJv0AgoYfdO0qPXomuA8HpDAH1itd7GbRq yVJoZRnpz9dGjJSM5wyFCc1BIqmA/CMphhmqiRTuFBA+rOSEDblzfc2tg9t82CVQ caA7rF3VrYx8qmgpP3akCju+SDOEWLerFGHH1iaQ+GBqiXvduvMl/MSXCZmVZzIC 92Ko2m9kURkak4yKccEbHJ5Vh8i0oLUOc+Ee3MUUfWUblYbCcB4z34p9hRwc8u83 mmGUbsq+qWvdcd9NkekKC/ENQZt4Egb3doeEzqSkaa4uhFaQ1gGosHXGslNTCqLl 6RyeFON9Q5CWphQET+rmnlcJ8B1cSHgpG1ZTN6szlsQpiVgcRu/JYrgyzX9Y6WdY rAape6t+gsEeLOP7n9pZ/KYSadUF5CvYY/nX9H6kJO1RmG9y0A+8wAEuW+nSOMMJ vh2U09+y5XJHQqV0MMTKbnadxlyi8Oerc0zrYaoBuYhR7wmvkus= =R2OH -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0228",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "the bat",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ritlabs",
            "version": null
          },
          {
            "model": "outlook",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "microsoft",
            "version": "2013"
          },
          {
            "model": "trojita",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "kde",
            "version": null
          },
          {
            "model": "emclient",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "emclient",
            "version": null
          },
          {
            "model": "outlook",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "2016"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": "evolution",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gnome",
            "version": null
          },
          {
            "model": "airmail",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bloop",
            "version": null
          },
          {
            "model": "mailmate",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freron",
            "version": null
          },
          {
            "model": "kmail",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "kde",
            "version": null
          },
          {
            "model": "outlook",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "2010"
          },
          {
            "model": "imp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "horde",
            "version": null
          },
          {
            "model": "nine",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "9folders",
            "version": null
          },
          {
            "model": "maildroid",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "flipdogsolutions",
            "version": null
          },
          {
            "model": "r2mail2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "r2mail2",
            "version": null
          },
          {
            "model": "mail",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": null
          },
          {
            "model": "notes",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "outlook",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "2007"
          },
          {
            "model": "postbox",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postbox",
            "version": null
          },
          {
            "model": "gmail",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "google",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "9folders",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "airmail",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "evolution",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "flipdog",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gpgtools",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnupg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "kmail",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mailmate",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "postbox",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "r2mail2",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ritlabs srl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "roundcube",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "the enigmail",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "the horde",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "trojita",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "em client",
            "version": null
          },
          {
            "model": "",
            "scope": null,
            "trust": 0.8,
            "vendor": "multiple vendors",
            "version": null
          },
          {
            "model": "r2mail2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "r2mail2",
            "version": "0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52.5.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45.5.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45.1.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.1.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "16.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "15.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "13.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "12.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.20"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.14"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.13"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.12"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.11"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.024"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.19"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.17"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.16"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.15"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.14"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.13"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.12"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.7.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.7.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.7.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "7.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "38.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "32.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.1.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.1.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.1.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.19"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.18"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.17"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.16"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.15"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.11"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.10"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.10"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.8.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "23.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.23"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.22"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.21"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.20"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.18"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.11"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "16.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "16.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "16"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "15.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "15"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "14.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "14"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "13.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "12.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "11.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "11.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.14"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.12"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.10"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.1"
          },
          {
            "model": "outlook",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20100"
          },
          {
            "model": "outlook",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20070"
          },
          {
            "model": "kmail",
            "scope": null,
            "trust": 0.3,
            "vendor": "kde",
            "version": null
          },
          {
            "model": "lotus inotes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "gmail for ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "0"
          },
          {
            "model": "mailmate",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freron",
            "version": "0"
          },
          {
            "model": "mail",
            "scope": null,
            "trust": 0.3,
            "vendor": "apple",
            "version": null
          },
          {
            "model": "airmail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "airmail",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "db": "BID",
            "id": "104165"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-724"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17689"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:misc:multiple_vendors",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Damian Poddebniak, Christian Dresen, Jens Muller, Fabian Ising, Sebastian Schinzel1, Simon Friedberger, Juraj Somorovsky, and Jorg Schwenk",
        "sources": [
          {
            "db": "BID",
            "id": "104165"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-17689",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-17689",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-108736",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2017-17689",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-17689",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-724",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-108736",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-17689",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108736"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-17689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-724"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17689"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user\u0027s e-mail client. The discoverer can attack with this vulnerability \"CBC/CFB gadget attack\" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * *CVE-2017-17688: OpenPGP CFB Attacks * *CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, \u003ca href=\"https://efail.de/efail-attack-paper.pdf\" target=\"blank\"\u003e Articles provided by the discoverer \u003c/a\u003e Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. S/MIME is a certificate implementation for email encryption. A security vulnerability exists in S/MIME. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4244-1                   security@debian.org\nhttps://www.debian.org/security/                       Moritz Muehlenhoff\nJuly 13, 2018                         https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : thunderbird\nCVE ID         : CVE-2017-17689 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 \n                 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 \n                 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374\n\nMultiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code, denial of service or attacks on\nencrypted emails. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:52.9.1-1~deb9u1. \n\nWe recommend that you upgrade your thunderbird packages. \n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltI+2sACgkQEMKTtsN8\nTjZXHRAAgOmSvTwwmmzxRH/4tSSpndZCFCtkHrG5PU5D3XesLGnWpNZk9aINsaU2\nih3fmEKzQgHHfAzK3d9TcGjyiI+PoVuWkVknsVqTrHd+xQtxUs7B/5Pfz5WKiYDJ\nQJ4NhjTgHHystYa0j2CvK28/ZoPVZgwnc/D051ChTInPWXimJI+TxpsndW/NPuaJ\nSphoPP34OMO2EARjrKCxiL6NRv6kD4CJv0AgoYfdO0qPXomuA8HpDAH1itd7GbRq\nyVJoZRnpz9dGjJSM5wyFCc1BIqmA/CMphhmqiRTuFBA+rOSEDblzfc2tg9t82CVQ\ncaA7rF3VrYx8qmgpP3akCju+SDOEWLerFGHH1iaQ+GBqiXvduvMl/MSXCZmVZzIC\n92Ko2m9kURkak4yKccEbHJ5Vh8i0oLUOc+Ee3MUUfWUblYbCcB4z34p9hRwc8u83\nmmGUbsq+qWvdcd9NkekKC/ENQZt4Egb3doeEzqSkaa4uhFaQ1gGosHXGslNTCqLl\n6RyeFON9Q5CWphQET+rmnlcJ8B1cSHgpG1ZTN6szlsQpiVgcRu/JYrgyzX9Y6WdY\nrAape6t+gsEeLOP7n9pZ/KYSadUF5CvYY/nX9H6kJO1RmG9y0A+8wAEuW+nSOMMJ\nvh2U09+y5XJHQqV0MMTKbnadxlyi8Oerc0zrYaoBuYhR7wmvkus=\n=R2OH\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17689"
          },
          {
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "db": "BID",
            "id": "104165"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108736"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-17689"
          },
          {
            "db": "PACKETSTORM",
            "id": "148553"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17689",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "104165",
            "trust": 2.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#122919",
            "trust": 2.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95575473",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-724",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "148553",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-108736",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-17689",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108736"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-17689"
          },
          {
            "db": "BID",
            "id": "104165"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "db": "PACKETSTORM",
            "id": "148553"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-724"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17689"
          }
        ]
      },
      "id": "VAR-201805-0228",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108736"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T20:59:49.596000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Red Hat: CVE-2017-17689",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-17689"
          },
          {
            "title": "Efail-malleability-gadget-exploit",
            "trust": 0.1,
            "url": "https://github.com/jaads/Efail-malleability-gadget-exploit "
          },
          {
            "title": "SecDB - Security Feeds",
            "trust": 0.1,
            "url": "https://github.com/giterlizzi/secdb-feeds "
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2018/05/14/smime_pgp_encryption_flaw_emails_vulnerable_to_snooping/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2017-17689"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-310",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108736"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17689"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "https://efail.de/"
          },
          {
            "trust": 1.9,
            "url": "https://efail.de/efail-attack-paper.pdf"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/104165"
          },
          {
            "trust": 1.8,
            "url": "https://www.synology.com/support/security/synology_sa_18_22"
          },
          {
            "trust": 1.8,
            "url": "https://efail.de"
          },
          {
            "trust": 1.8,
            "url": "https://news.ycombinator.com/item?id=17066419"
          },
          {
            "trust": 1.8,
            "url": "https://pastebin.com/gncc8aym"
          },
          {
            "trust": 1.8,
            "url": "https://twitter.com/matthew_d_green/status/996371541591019520"
          },
          {
            "trust": 1.2,
            "url": "https://www.kb.cert.org/vuls/id/122919"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17689"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc4880"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17689"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17688"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95575473/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17688"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577909"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-17689"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/jaads/efail-malleability-gadget-exploit"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12362"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12360"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12365"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12373"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5188"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12366"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12372"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12374"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12364"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12359"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/thunderbird"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108736"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-17689"
          },
          {
            "db": "BID",
            "id": "104165"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "db": "PACKETSTORM",
            "id": "148553"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-724"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17689"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108736"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-17689"
          },
          {
            "db": "BID",
            "id": "104165"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "db": "PACKETSTORM",
            "id": "148553"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-724"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17689"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-14T00:00:00",
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "date": "2018-05-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108736"
          },
          {
            "date": "2018-05-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-17689"
          },
          {
            "date": "2018-05-14T00:00:00",
            "db": "BID",
            "id": "104165"
          },
          {
            "date": "2018-05-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "date": "2018-07-14T12:12:00",
            "db": "PACKETSTORM",
            "id": "148553"
          },
          {
            "date": "2017-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-724"
          },
          {
            "date": "2018-05-16T19:29:00.303000",
            "db": "NVD",
            "id": "CVE-2017-17689"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108736"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-17689"
          },
          {
            "date": "2018-05-14T00:00:00",
            "db": "BID",
            "id": "104165"
          },
          {
            "date": "2018-08-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-724"
          },
          {
            "date": "2024-11-21T03:18:27.893000",
            "db": "NVD",
            "id": "CVE-2017-17689"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-724"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenPGP and S/MIME mail client vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#122919"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-724"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201805-0227

    Vulnerability from variot - Updated: 2024-11-23 20:04

    The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user's e-mail client. The discoverer can attack with this vulnerability "CBC/CFB gadget attack" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * CVE-2017-17688: OpenPGP CFB Attacks * CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, Articles provided by the discoverer Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. OpenPGP is prone to an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. OpenPGP is a set of email encryption standards that supports multiple platforms

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0227",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "webmail",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "roundcube",
            "version": null
          },
          {
            "model": "airmail",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bloop",
            "version": null
          },
          {
            "model": "mailmate",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freron",
            "version": null
          },
          {
            "model": "imp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "horde",
            "version": null
          },
          {
            "model": "maildroid",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "flipdogsolutions",
            "version": null
          },
          {
            "model": "r2mail2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "r2mail2",
            "version": null
          },
          {
            "model": "emclient",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "emclient",
            "version": null
          },
          {
            "model": "mail",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": null
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": "outlook",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "2007"
          },
          {
            "model": "postbox",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postbox",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "9folders",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "airmail",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "evolution",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "flipdog",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gpgtools",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnupg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "kmail",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mailmate",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "postbox",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "r2mail2",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ritlabs srl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "roundcube",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "the enigmail",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "the horde",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "trojita",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "em client",
            "version": null
          },
          {
            "model": "",
            "scope": null,
            "trust": 0.8,
            "vendor": "multiple vendors",
            "version": null
          },
          {
            "model": "round cube webmail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "roundcube",
            "version": "0"
          },
          {
            "model": "r2mail2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "r2mail2",
            "version": "0"
          },
          {
            "model": "postbox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "postbox",
            "version": "0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52.5.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45.5.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45.1.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.1.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "16.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "15.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "13.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "12.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.20"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.14"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.13"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.12"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.11"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.024"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.19"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.17"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.16"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.15"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.14"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.13"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.12"
          },
          {
            "model": "thunderbird beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.52"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.13"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.7.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.7.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.7.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "0.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "9.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "9.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "8.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "7.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "7.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "52"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "5.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "45.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "38.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "32.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.1.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.1.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.1.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "31"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.19"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.18"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.17"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.16"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.15"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.11"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.10"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.10"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.8.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "24.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "23.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.23"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.22"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.21"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.20"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.18"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.11"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "17.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "16.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "16.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "16"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "15.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "15"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "14.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "14"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "13.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "12.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "11.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "11.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.14"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.12"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.10"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.5.0.1"
          },
          {
            "model": "thunderbird beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "1.0.5"
          },
          {
            "model": "outlook",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20070"
          },
          {
            "model": "project horde imp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "horde",
            "version": "0"
          },
          {
            "model": "solutions maildroid",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "flipdog",
            "version": "0"
          },
          {
            "model": "enigmail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "enigmail",
            "version": "0"
          },
          {
            "model": "client em client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "em",
            "version": "0"
          },
          {
            "model": "mail",
            "scope": null,
            "trust": 0.3,
            "vendor": "apple",
            "version": null
          },
          {
            "model": "airmail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "airmail",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "db": "BID",
            "id": "104162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-725"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17688"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:misc:multiple_vendors",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Damian Poddebniak, Christian Dresen, Jens M\u00fcller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jorg Schwenk.",
        "sources": [
          {
            "db": "BID",
            "id": "104162"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-17688",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-17688",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-108735",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2017-17688",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-17688",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-725",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-108735",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-17688",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108735"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-17688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-725"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17688"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user\u0027s e-mail client. The discoverer can attack with this vulnerability \"CBC/CFB gadget attack\" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * *CVE-2017-17688: OpenPGP CFB Attacks * *CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, \u003ca href=\"https://efail.de/efail-attack-paper.pdf\" target=\"blank\"\u003e Articles provided by the discoverer \u003c/a\u003e Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. OpenPGP is prone to an information disclosure vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. OpenPGP is a set of email encryption standards that supports multiple platforms",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17688"
          },
          {
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "db": "BID",
            "id": "104162"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108735"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-17688"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17688",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "104162",
            "trust": 2.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#122919",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1040904",
            "trust": 1.8
          },
          {
            "db": "JVN",
            "id": "JVNVU95575473",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-725",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-108735",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-17688",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108735"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-17688"
          },
          {
            "db": "BID",
            "id": "104162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-725"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17688"
          }
        ]
      },
      "id": "VAR-201805-0227",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108735"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T20:04:06.356000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Debian CVElist Bug Report Logs: enigmail: efail attack against enigmail",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=56a8018aac811c8d81b81ef5a6c3623a"
          },
          {
            "title": "Red Hat: CVE-2017-17688",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-17688"
          },
          {
            "title": "Efail-malleability-gadget-exploit",
            "trust": 0.1,
            "url": "https://github.com/jaads/Efail-malleability-gadget-exploit "
          },
          {
            "title": "more\nBoring bugs",
            "trust": 0.1,
            "url": "https://github.com/hannob/pgpbugs "
          },
          {
            "title": "SecDB - Security Feeds",
            "trust": 0.1,
            "url": "https://github.com/giterlizzi/secdb-feeds "
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2018/05/14/smime_pgp_encryption_flaw_emails_vulnerable_to_snooping/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2017-17688"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-310",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108735"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17688"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "https://efail.de/"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/104162"
          },
          {
            "trust": 1.8,
            "url": "https://www.synology.com/support/security/synology_sa_18_22"
          },
          {
            "trust": 1.8,
            "url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
          },
          {
            "trust": 1.8,
            "url": "https://efail.de"
          },
          {
            "trust": 1.8,
            "url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-may/060334.html"
          },
          {
            "trust": 1.8,
            "url": "https://news.ycombinator.com/item?id=17066419"
          },
          {
            "trust": 1.8,
            "url": "https://protonmail.com/blog/pgp-vulnerability-efail"
          },
          {
            "trust": 1.8,
            "url": "https://twitter.com/matthew_d_green/status/995996706457243648"
          },
          {
            "trust": 1.8,
            "url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
          },
          {
            "trust": 1.8,
            "url": "http://www.securitytracker.com/id/1040904"
          },
          {
            "trust": 1.6,
            "url": "https://efail.de/efail-attack-paper.pdf"
          },
          {
            "trust": 1.2,
            "url": "https://www.kb.cert.org/vuls/id/122919"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc4880"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17689"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17688"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95575473/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17689"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17688"
          },
          {
            "trust": 0.3,
            "url": "https://www.openpgp.org/"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577906"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-17688"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898630"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/jaads/efail-malleability-gadget-exploit"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108735"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-17688"
          },
          {
            "db": "BID",
            "id": "104162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-725"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17688"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108735"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-17688"
          },
          {
            "db": "BID",
            "id": "104162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-725"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17688"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-14T00:00:00",
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "date": "2018-05-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108735"
          },
          {
            "date": "2018-05-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-17688"
          },
          {
            "date": "2018-05-14T00:00:00",
            "db": "BID",
            "id": "104162"
          },
          {
            "date": "2018-05-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "date": "2017-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-725"
          },
          {
            "date": "2018-05-16T19:29:00.223000",
            "db": "NVD",
            "id": "CVE-2017-17688"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#122919"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108735"
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-17688"
          },
          {
            "date": "2018-05-15T10:00:00",
            "db": "BID",
            "id": "104162"
          },
          {
            "date": "2018-08-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012995"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-725"
          },
          {
            "date": "2024-11-21T03:18:27.723000",
            "db": "NVD",
            "id": "CVE-2017-17688"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-725"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenPGP and S/MIME mail client vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#122919"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-725"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2018-15670 (GCVE-0-2018-15670)

    Vulnerability from nvd – Published: 2018-08-21 23:00 – Updated: 2024-08-05 10:01
    VLAI
    Summary
    An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.379Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://versprite.com/advisories/airmail-3-for-mac-4/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-21T23:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://versprite.com/advisories/airmail-3-for-mac-4/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-15670",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://versprite.com/advisories/airmail-3-for-mac-4/",
                  "refsource": "MISC",
                  "url": "https://versprite.com/advisories/airmail-3-for-mac-4/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-15670",
        "datePublished": "2018-08-21T23:00:00.000Z",
        "dateReserved": "2018-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:01:54.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15669 (GCVE-0-2018-15669)

    Vulnerability from nvd – Published: 2018-08-21 23:00 – Updated: 2024-08-05 10:01
    VLAI
    Summary
    An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-21T23:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-15669",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://versprite.com/advisories/airmail-3-for-mac-3/",
                  "refsource": "MISC",
                  "url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-15669",
        "datePublished": "2018-08-21T23:00:00.000Z",
        "dateReserved": "2018-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:01:54.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15668 (GCVE-0-2018-15668)

    Vulnerability from nvd – Published: 2018-08-21 23:00 – Updated: 2024-08-05 10:01
    VLAI
    Summary
    An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.271Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The \"send\" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the \"send\" command with the \"attachment_\" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the \"send\" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-21T23:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-15668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The \"send\" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the \"send\" command with the \"attachment_\" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the \"send\" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://versprite.com/advisories/airmail-3-for-mac-2/",
                  "refsource": "MISC",
                  "url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-15668",
        "datePublished": "2018-08-21T23:00:00.000Z",
        "dateReserved": "2018-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:01:54.271Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-17689 (GCVE-0-2017-17689)

    Vulnerability from nvd – Published: 2018-05-16 19:00 – Updated: 2024-08-05 20:59
    VLAI
    Summary
    The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-05-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:59:17.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=17066419"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pastebin.com/gNCc8aYm"
              },
              {
                "name": "104165",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104165"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/matthew_d_green/status/996371541591019520"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://efail.de"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/support/security/Synology_SA_18_22"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-05-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-17T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://news.ycombinator.com/item?id=17066419"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pastebin.com/gNCc8aYm"
            },
            {
              "name": "104165",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104165"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/matthew_d_green/status/996371541591019520"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://efail.de"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_18_22"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-17689",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://news.ycombinator.com/item?id=17066419",
                  "refsource": "MISC",
                  "url": "https://news.ycombinator.com/item?id=17066419"
                },
                {
                  "name": "https://pastebin.com/gNCc8aYm",
                  "refsource": "MISC",
                  "url": "https://pastebin.com/gNCc8aYm"
                },
                {
                  "name": "104165",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104165"
                },
                {
                  "name": "https://twitter.com/matthew_d_green/status/996371541591019520",
                  "refsource": "MISC",
                  "url": "https://twitter.com/matthew_d_green/status/996371541591019520"
                },
                {
                  "name": "https://efail.de",
                  "refsource": "MISC",
                  "url": "https://efail.de"
                },
                {
                  "name": "https://www.synology.com/support/security/Synology_SA_18_22",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/support/security/Synology_SA_18_22"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-17689",
        "datePublished": "2018-05-16T19:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:59:17.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-17688 (GCVE-0-2017-17688)

    Vulnerability from nvd – Published: 2018-05-16 19:00 – Updated: 2024-08-05 20:59 Disputed
    VLAI
    Summary
    The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-05-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:59:17.546Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://protonmail.com/blog/pgp-vulnerability-efail"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=17066419"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
              },
              {
                "name": "104162",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104162"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://efail.de"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/matthew_d_green/status/995996706457243648"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/support/security/Synology_SA_18_22"
              },
              {
                "name": "1040904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040904"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-05-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-17T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://protonmail.com/blog/pgp-vulnerability-efail"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://news.ycombinator.com/item?id=17066419"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
            },
            {
              "name": "104162",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104162"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://efail.de"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/matthew_d_green/status/995996706457243648"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_18_22"
            },
            {
              "name": "1040904",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040904"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-17688",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://protonmail.com/blog/pgp-vulnerability-efail",
                  "refsource": "MISC",
                  "url": "https://protonmail.com/blog/pgp-vulnerability-efail"
                },
                {
                  "name": "https://news.ycombinator.com/item?id=17066419",
                  "refsource": "MISC",
                  "url": "https://news.ycombinator.com/item?id=17066419"
                },
                {
                  "name": "https://www.patreon.com/posts/cybersecurity-15-18814817",
                  "refsource": "MISC",
                  "url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
                },
                {
                  "name": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html",
                  "refsource": "MISC",
                  "url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
                },
                {
                  "name": "104162",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104162"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html",
                  "refsource": "MISC",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
                },
                {
                  "name": "https://efail.de",
                  "refsource": "MISC",
                  "url": "https://efail.de"
                },
                {
                  "name": "https://twitter.com/matthew_d_green/status/995996706457243648",
                  "refsource": "MISC",
                  "url": "https://twitter.com/matthew_d_green/status/995996706457243648"
                },
                {
                  "name": "https://www.synology.com/support/security/Synology_SA_18_22",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/support/security/Synology_SA_18_22"
                },
                {
                  "name": "1040904",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040904"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-17688",
        "datePublished": "2018-05-16T19:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:59:17.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15668 (GCVE-0-2018-15668)

    Vulnerability from cvelistv5 – Published: 2018-08-21 23:00 – Updated: 2024-08-05 10:01
    VLAI
    Summary
    An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.271Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The \"send\" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the \"send\" command with the \"attachment_\" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the \"send\" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-21T23:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-15668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The \"send\" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the \"send\" command with the \"attachment_\" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the \"send\" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://versprite.com/advisories/airmail-3-for-mac-2/",
                  "refsource": "MISC",
                  "url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-15668",
        "datePublished": "2018-08-21T23:00:00.000Z",
        "dateReserved": "2018-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:01:54.271Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15670 (GCVE-0-2018-15670)

    Vulnerability from cvelistv5 – Published: 2018-08-21 23:00 – Updated: 2024-08-05 10:01
    VLAI
    Summary
    An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.379Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://versprite.com/advisories/airmail-3-for-mac-4/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-21T23:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://versprite.com/advisories/airmail-3-for-mac-4/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-15670",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://versprite.com/advisories/airmail-3-for-mac-4/",
                  "refsource": "MISC",
                  "url": "https://versprite.com/advisories/airmail-3-for-mac-4/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-15670",
        "datePublished": "2018-08-21T23:00:00.000Z",
        "dateReserved": "2018-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:01:54.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15669 (GCVE-0-2018-15669)

    Vulnerability from cvelistv5 – Published: 2018-08-21 23:00 – Updated: 2024-08-05 10:01
    VLAI
    Summary
    An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-21T23:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-15669",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://versprite.com/advisories/airmail-3-for-mac-3/",
                  "refsource": "MISC",
                  "url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-15669",
        "datePublished": "2018-08-21T23:00:00.000Z",
        "dateReserved": "2018-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:01:54.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-17688 (GCVE-0-2017-17688)

    Vulnerability from cvelistv5 – Published: 2018-05-16 19:00 – Updated: 2024-08-05 20:59 Disputed
    VLAI
    Summary
    The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-05-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:59:17.546Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://protonmail.com/blog/pgp-vulnerability-efail"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=17066419"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
              },
              {
                "name": "104162",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104162"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://efail.de"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/matthew_d_green/status/995996706457243648"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/support/security/Synology_SA_18_22"
              },
              {
                "name": "1040904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040904"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-05-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-17T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://protonmail.com/blog/pgp-vulnerability-efail"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://news.ycombinator.com/item?id=17066419"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
            },
            {
              "name": "104162",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104162"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://efail.de"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/matthew_d_green/status/995996706457243648"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_18_22"
            },
            {
              "name": "1040904",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040904"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-17688",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://protonmail.com/blog/pgp-vulnerability-efail",
                  "refsource": "MISC",
                  "url": "https://protonmail.com/blog/pgp-vulnerability-efail"
                },
                {
                  "name": "https://news.ycombinator.com/item?id=17066419",
                  "refsource": "MISC",
                  "url": "https://news.ycombinator.com/item?id=17066419"
                },
                {
                  "name": "https://www.patreon.com/posts/cybersecurity-15-18814817",
                  "refsource": "MISC",
                  "url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
                },
                {
                  "name": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html",
                  "refsource": "MISC",
                  "url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
                },
                {
                  "name": "104162",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104162"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html",
                  "refsource": "MISC",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
                },
                {
                  "name": "https://efail.de",
                  "refsource": "MISC",
                  "url": "https://efail.de"
                },
                {
                  "name": "https://twitter.com/matthew_d_green/status/995996706457243648",
                  "refsource": "MISC",
                  "url": "https://twitter.com/matthew_d_green/status/995996706457243648"
                },
                {
                  "name": "https://www.synology.com/support/security/Synology_SA_18_22",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/support/security/Synology_SA_18_22"
                },
                {
                  "name": "1040904",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040904"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-17688",
        "datePublished": "2018-05-16T19:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:59:17.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-17689 (GCVE-0-2017-17689)

    Vulnerability from cvelistv5 – Published: 2018-05-16 19:00 – Updated: 2024-08-05 20:59
    VLAI
    Summary
    The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-05-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:59:17.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=17066419"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pastebin.com/gNCc8aYm"
              },
              {
                "name": "104165",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104165"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/matthew_d_green/status/996371541591019520"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://efail.de"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/support/security/Synology_SA_18_22"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-05-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-17T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://news.ycombinator.com/item?id=17066419"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pastebin.com/gNCc8aYm"
            },
            {
              "name": "104165",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104165"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/matthew_d_green/status/996371541591019520"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://efail.de"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_18_22"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-17689",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://news.ycombinator.com/item?id=17066419",
                  "refsource": "MISC",
                  "url": "https://news.ycombinator.com/item?id=17066419"
                },
                {
                  "name": "https://pastebin.com/gNCc8aYm",
                  "refsource": "MISC",
                  "url": "https://pastebin.com/gNCc8aYm"
                },
                {
                  "name": "104165",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104165"
                },
                {
                  "name": "https://twitter.com/matthew_d_green/status/996371541591019520",
                  "refsource": "MISC",
                  "url": "https://twitter.com/matthew_d_green/status/996371541591019520"
                },
                {
                  "name": "https://efail.de",
                  "refsource": "MISC",
                  "url": "https://efail.de"
                },
                {
                  "name": "https://www.synology.com/support/security/Synology_SA_18_22",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/support/security/Synology_SA_18_22"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-17689",
        "datePublished": "2018-05-16T19:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:59:17.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }