VDB
CVE-2017-17689
CVE-2017-17689
PUBLISHED
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
EPSS 0.45% · 63.9th percentile
Risk Scores
EPSS Score
0.45%
63.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | thunderbird | *, 0, * |
| Ubuntu:Pro:14.04:LTS | kdepim | 0, *, * |
| Ubuntu:Pro:16.04:LTS | kdepim | 4:15.12.3-0ubuntu1.1, 0, 4:15.08.2-0ubuntu1 |
| Ubuntu:18.04:LTS | thunderbird | 0, 1:52.4.0+build1-0ubuntu2, 1:52.6.0+build1-0ubuntu1 |
| Ubuntu:Pro:18.04:LTS | kf5-messagelib | 4:17.12.2-0ubuntu3, 4:17.08.3-0ubuntu2, 4:17.08.3-0ubuntu1 |
| Ubuntu:14.04:LTS | thunderbird | 1:45.4.0+build1-0ubuntu0.14.04.1, 1:45.3.0+build1-0ubuntu0.14.04.4, 1:45.2.0+build1-0ubuntu0.14.04.3 |
| Ubuntu:Pro:18.04:LTS | kmail | *, 0, 4:17.12.3-0ubuntu1 |
Exploit Intelligence
- https://efail.de (nist-nvd)
Timeline
- May 14, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 20, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-17689 third-party-advisory
- https://efail.de third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-17689 third-party-advisory
- https://ubuntu.com/security/notices/USN-7729-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-7730-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-7731-1 vendor-advisory
- Multiples vulnérabilités dans S/MIME et OpenPGP advisory