The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| postbox-inc | postbox | - |
| roundcube | webmail | - |
| apple | - | |
| flipdogsolutions | maildroid | - |
| freron | mailmate | - |
| horde | horde_imp | - |
| microsoft | outlook | 2007 |
| r2mail2 | r2mail2 | - |
| bloop | airmail | - |
| emclient | emclient | - |
| mozilla | thunderbird | - |
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 9folders | nine | - |
| postbox-inc | postbox | - |
| ritlabs | the_bat | - |
| apple | - | |
| freron | mailmate | - |
| horde | horde_imp | - |
| microsoft | outlook | 2010 |
| kde | trojita | - |
| r2mail2 | r2mail2 | - |
| gnome | evolution | - |
| bloop | airmail | - |
| emclient | emclient | - |
| ibm | notes | - |
| flipdogsolutions | maildroid | - |
| microsoft | outlook | 2007 |
| microsoft | outlook | 2016 |
| gmail | - | |
| microsoft | outlook | 2013 |
| kde | kmail | - |
| mozilla | thunderbird | - |