Jump to:

CVE-2019-10735

Jump to:

CVE-2019-10735

Package claws-mail updated to version 3.15.0-alt1 for branch sisyphus in task 180933.

Published: 2019-04-07
Modified: 2024-11-21

CVE-2019-10735

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159
https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159

Version: 2.1.0

Package claws-mail update in sisyphus on 2017-03-27

ALT-PU-2017-1355-1

Closed vulnerabilities

CVE-2019-10735