MidnightBSD

Advisories for postbox-inc

CVE-2017-17688 MEDIUM

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
postbox-inc postbox -
roundcube webmail -
apple mail -
flipdogsolutions maildroid -
freron mailmate -
horde horde_imp -
microsoft outlook 2007
r2mail2 r2mail2 -
bloop airmail -
emclient emclient -
mozilla thunderbird -
CVE-2017-17689 MEDIUM

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
9folders nine -
postbox-inc postbox -
ritlabs the_bat -
apple mail -
freron mailmate -
horde horde_imp -
microsoft outlook 2010
kde trojita -
r2mail2 r2mail2 -
gnome evolution -
bloop airmail -
emclient emclient -
ibm notes -
flipdogsolutions maildroid -
microsoft outlook 2007
microsoft outlook 2016
google gmail -
microsoft outlook 2013
kde kmail -
mozilla thunderbird -