MidnightBSD

Advisories for r2mail2

CVE-2017-17688 MEDIUM

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
r2mail2 r2mail2 -
postbox-inc postbox -
freron mailmate -
apple mail -
flipdogsolutions maildroid -
microsoft outlook 2007
bloop airmail -
emclient emclient -
mozilla thunderbird -
horde horde_imp -
roundcube webmail -
CVE-2017-17689 MEDIUM

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
microsoft outlook 2010
freron mailmate -
apple mail -
kde kmail -
microsoft outlook 2013
microsoft outlook 2007
emclient emclient -
mozilla thunderbird -
horde horde_imp -
r2mail2 r2mail2 -
google gmail -
ibm notes -
postbox-inc postbox -
flipdogsolutions maildroid -
9folders nine -
ritlabs the_bat -
kde trojita -
bloop airmail -
microsoft outlook 2016
gnome evolution -