CVE-2017-17688

Severity

43%

Complexity

86%

Confidentiality

48%

** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.

CVSS 3.0 Base Score 5.9. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

Overview

First reported 6 years ago

2018-05-16 19:29:00

Last updated 5 years ago

2019-10-03 00:03:00

Affected Software

Apple Mail

Microsoft Outlook 2007

2007

Mozilla Thunderbird

References

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2017-17688

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 6 years ago

Last updated 5 years ago

Affected Software

Apple Mail

Microsoft Outlook 2007

Mozilla Thunderbird

References

http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html

104162

1040904

https://efail.de

https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html

https://news.ycombinator.com/item?id=17066419

https://protonmail.com/blog/pgp-vulnerability-efail

https://twitter.com/matthew_d_green/status/995996706457243648

https://www.patreon.com/posts/cybersecurity-15-18814817

https://www.synology.com/support/security/Synology_SA_18_22

Stay updated

Get in touch