PT-2017-14828 · Sylpheed+2 · Sylpheed+2
Publicado
2017-10-25
·
Atualizado
2017-12-29
·
CVE-2017-17517
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sylpheed versions prior to 3.7
Description
The issue is related to the
BROWSER environment variable, where strings are not validated before launching the specified program. This could allow remote attackers to conduct argument-injection attacks via a crafted URL.Recommendations
For versions prior to 3.7, update to version 3.7 or later to resolve the issue. As a temporary workaround, consider validating strings before launching the program specified by the
BROWSER environment variable to minimize the risk of exploitation.Correção
Special Elements Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Debian
Sylpheed