{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-05-16T00:00:00", "descriptions": [{"lang": "en", "value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-17T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://news.ycombinator.com/item?id=17066419"}, {"tags": ["x_refsource_MISC"], "url": "https://pastebin.com/gNCc8aYm"}, {"name": "104165", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104165"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/matthew_d_green/status/996371541591019520"}, {"tags": ["x_refsource_MISC"], "url": "https://efail.de"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/support/security/Synology_SA_18_22"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17689", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://news.ycombinator.com/item?id=17066419", "refsource": "MISC", "url": "https://news.ycombinator.com/item?id=17066419"}, {"name": "https://pastebin.com/gNCc8aYm", "refsource": "MISC", "url": "https://pastebin.com/gNCc8aYm"}, {"name": "104165", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104165"}, {"name": "https://twitter.com/matthew_d_green/status/996371541591019520", "refsource": "MISC", "url": "https://twitter.com/matthew_d_green/status/996371541591019520"}, {"name": "https://efail.de", "refsource": "MISC", "url": "https://efail.de"}, {"name": "https://www.synology.com/support/security/Synology_SA_18_22", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_18_22"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:59:17.441Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://news.ycombinator.com/item?id=17066419"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://pastebin.com/gNCc8aYm"}, {"name": "104165", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104165"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/matthew_d_green/status/996371541591019520"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://efail.de"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/support/security/Synology_SA_18_22"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17689", "datePublished": "2018-05-16T19:00:00", "dateReserved": "2017-12-15T00:00:00", "dateUpdated": "2024-08-05T20:59:17.441Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:9folders:nine:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EE489EA-2250-4BF0-800C-EDA6EA7D6AAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*", "matchCriteriaId": "217117AE-C16C-4265-A9A9-152D06FCD64E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "081D62F6-B751-4109-B10B-3CF9535B3C12", "vulnerable": true}, {"criteria": "cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*", "matchCriteriaId": "F389CED1-846A-4807-B8E7-00FBECAA41A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*", "matchCriteriaId": "930AFDDA-C32A-45E7-BA6E-5827E59B573B", "vulnerable": true}, {"criteria": "cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED2616EA-332D-4D6E-B66C-137A166E181D", "vulnerable": true}, {"criteria": "cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C26D918-1548-4A62-BC5C-72DF9168A34E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:evolution:-:*:*:*:*:*:*:*", "matchCriteriaId": "38B06B0D-E60A-4B61-9E39-F5116C8F22A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:gmail:-:*:*:*:*:*:*:*", "matchCriteriaId": "C671802A-2362-4E66-B5D5-079E5E6B89A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDAD39AA-B9FD-492B-9BDA-57F74F4FABE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:notes:-:*:*:*:*:*:*:*", "matchCriteriaId": "91669C83-56A0-4087-8B6D-2012EB0AE9D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kmail:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F01C924-2AE4-4214-9139-ED08293D198C", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:trojita:-:*:*:*:*:*:*:*", "matchCriteriaId": "93076D12-C4AD-4DE8-A76C-9819493FF516", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*", "matchCriteriaId": "D789259A-034E-40BB-9DFF-76B3104B212F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2010:*:*:*:*:*:*:*", "matchCriteriaId": "3A009EAF-41A1-4E6D-B1EB-A2DACE197A43", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:*:*", "matchCriteriaId": "3CD3770E-9513-43B2-BC9E-0CA3F63D59FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*", "matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF583CDC-DE9E-45AB-9861-CB203BFA8862", "vulnerable": true}, {"criteria": "cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0BA111F-A9FB-457D-818E-412195F9EA0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*", "matchCriteriaId": "19296516-EAD4-4B08-8D9A-5E853C7BEF58", "vulnerable": true}, {"criteria": "cpe:2.3:a:ritlabs:the_bat:-:*:*:*:*:*:*:*", "matchCriteriaId": "48A3CC49-2FAC-40C9-9CDA-E4440577205E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."}, {"lang": "es", "value": "La especificaci\u00f3n S/MIME permite un ataque malleability-gadget Cipher Block Chaining (CBC) que puede conducir indirectamente a la exfiltraci\u00f3n en texto plano. Esto tambi\u00e9n se conoce como EFAIL."}], "id": "CVE-2017-17689", "lastModified": "2024-11-21T03:18:27.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-16T19:29:00.303", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104165"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://efail.de"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://news.ycombinator.com/item?id=17066419"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://pastebin.com/gNCc8aYm"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/matthew_d_green/status/996371541591019520"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/support/security/Synology_SA_18_22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104165"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://efail.de"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://news.ycombinator.com/item?id=17066419"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://pastebin.com/gNCc8aYm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://twitter.com/matthew_d_green/status/996371541591019520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/support/security/Synology_SA_18_22"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "S/MIME: CBC gadget attacks allows to exfiltrate plaintext out of encrypted emails", "id": "1577909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577909"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-200", "details": ["The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."], "mitigation": {"lang": "en:us", "value": "The easiest way to mitigate this vulnerability is not to use HTML emails. If you really need to use them ensure that MUA clients disable external links embedded in HTML emails. For example in thunderbird email client, Edit->Preferences->Privacy->Disable \"Allow remote content in messages\"."}, "name": "CVE-2017-17689", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kdepim", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kdepim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-05-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-17689\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17689\nhttps://efail.de/"], "statement": "The research paper talks about use of HTML as a back channel to create an oracle for modified encrypted emails. HTML emails which use external links like \"<img href=\"tla.org/TAG\"/>\" can cause security issues if they are honored by the MUAs. Due to flaws in MIME parsers many MUAs seem to concatenate decrypted HTML mine parts which makes it easy to plan such snippets in HTML emails. Please refer to https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html about how GnuPG can mitigate this flaw.\nFor Thunderbird, this vulnerability was known as CVE-2018-5162 and resolved in 52.8.", "threat_severity": "Moderate"}