CVE-2017-17689

Published: May 16, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

Affected (21)

Products: 9folders: Nine · Apple: Mail · Bloop: Airmail · +13 more

Show all products

9folders: Nine · Apple: Mail · Bloop: Airmail · Emclient: Emclient · Flipdogsolutions: Maildroid · Freron: Mailmate · Gnome: Evolution · Google: Gmail · Horde: Horde Imp · Ibm: Notes · Kde: Kmail, Trojita · Microsoft: Outlook · Mozilla: Thunderbird · Postbox Inc: Postbox · R2mail2: R2mail2 · Ritlabs: The Bat

1 product

1 product

1 product

1 product

1 product

1 product

1 product

1 product

1 product

1 product

2 products

1 product

1 product

1 product

1 product

1 product

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
9folders Nine	All versions
Apple Mail	All versions
Apple Mail	All versions
Bloop Airmail	All versions
Emclient Emclient	All versions
Flipdogsolutions Maildroid	All versions
Freron Mailmate	All versions
Gnome Evolution	All versions
Google Gmail	All versions
Horde Horde Imp	All versions
Ibm Notes	All versions
Kde Kmail	All versions
Kde Trojita	All versions
Microsoft Outlook	Version 2007
Microsoft Outlook	Version 2010
Microsoft Outlook	Version 2013
Microsoft Outlook	Version 2016
Mozilla Thunderbird	All versions
Postbox Inc Postbox	All versions
R2mail2 R2mail2	All versions
Ritlabs The Bat	All versions