CVE-2017-17688

Published: May 16, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification

Affected (12)

Products: Apple: Mail · Bloop: Airmail · Emclient: Emclient · +8 more

Show all products

Apple: Mail · Bloop: Airmail · Emclient: Emclient · Flipdogsolutions: Maildroid · Freron: Mailmate · Horde: Horde Imp · Microsoft: Outlook · Mozilla: Thunderbird · Postbox Inc: Postbox · R2mail2: R2mail2 · Roundcube: Webmail

1 product

1 product

1 product

Flipdogsolutions

1 product

1 product

1 product

1 product

1 product

1 product

1 product

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Apple Mail	All versions
Apple Mail	All versions
Bloop Airmail	All versions
Emclient Emclient	All versions
Flipdogsolutions Maildroid	All versions
Freron Mailmate	All versions
Horde Horde Imp	All versions
Microsoft Outlook	Version 2007
Mozilla Thunderbird	All versions
Postbox Inc Postbox	All versions
R2mail2 R2mail2	All versions
Roundcube Webmail	All versions

References (20)

http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/104162

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040904

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://efail.de

Source: cve@mitre.org

ExploitMitigationThird Party Advisory

https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html

Source: cve@mitre.org

Third Party Advisory

https://news.ycombinator.com/item?id=17066419

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://protonmail.com/blog/pgp-vulnerability-efail

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://twitter.com/matthew_d_green/status/995996706457243648

Source: cve@mitre.org

Third Party Advisory

https://www.patreon.com/posts/cybersecurity-15-18814817

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://www.synology.com/support/security/Synology_SA_18_22

Source: cve@mitre.org

Third Party Advisory

http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/104162

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040904

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://efail.de

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMitigationThird Party Advisory

https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://news.ycombinator.com/item?id=17066419

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://protonmail.com/blog/pgp-vulnerability-efail

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://twitter.com/matthew_d_green/status/995996706457243648

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.patreon.com/posts/cybersecurity-15-18814817

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://www.synology.com/support/security/Synology_SA_18_22

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.