CVE-2017-17689 (EFAIL)

CVSS v3.0 5.9 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.52 % (77^th)

Affected Products 17

Advisories 6

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-05-16 19:29:00
(6 years ago)
Updated Date: 2019-10-03 00:03:26
(5 years ago)

Affected Products

9folders

Nine

Apple

Mail

Bloop

Airmail

Emclient

Emclient

Flipdogsolutions

Maildroid

Freron

Mailmate

Gnome

Evolution

Google

Gmail

Horde

Horde Imp

Ibm

Notes

Kde

Microsoft

Outlook

Mozilla

Thunderbird

Postbox-inc

Postbox

R2mail2

R2mail2

Ritlabs

The Bat

Configuration #1

		CPE23	From	Up To
	9folders Nine	cpe:2.3:a:9folders:nine:-
	Apple Mail	cpe:2.3:a:apple:mail:-
	Apple Mail for Iphone Os	cpe:2.3:a:apple:mail:-:::::iphone_os
	Bloop Airmail	cpe:2.3:a:bloop:airmail:-
	Emclient	cpe:2.3:a:emclient:emclient:-
	Flipdogsolutions Maildroid	cpe:2.3:a:flipdogsolutions:maildroid:-
	Freron Mailmate	cpe:2.3:a:freron:mailmate:-
	Gnome Evolution	cpe:2.3:a:gnome:evolution:-
	Google Gmail	cpe:2.3:a:google:gmail:-
	Horde Imp	cpe:2.3:a:horde:horde_imp:-
	Ibm Notes	cpe:2.3:a:ibm:notes:-
	Kde Kmail	cpe:2.3:a:kde:kmail:-
	Kde Trojita	cpe:2.3:a:kde:trojita:-
	Microsoft Outlook 2007	cpe:2.3:a:microsoft:outlook:2007
	Microsoft Outlook 2010	cpe:2.3:a:microsoft:outlook:2010
	Microsoft Outlook 2013	cpe:2.3:a:microsoft:outlook:2013
	Microsoft Outlook 2016	cpe:2.3:a:microsoft:outlook:2016
	Mozilla Thunderbird	cpe:2.3:a:mozilla:thunderbird:-
	Postbox-inc Postbox	cpe:2.3:a:postbox-inc:postbox:-
	R2mail2	cpe:2.3:a:r2mail2:r2mail2:-
	Ritlabs The Bat	cpe:2.3:a:ritlabs:the_bat:-

Weaknesses

Alias

Related CVEs

Affected Products

Configuration #1