PT-2018-2971 · Gnome+5 · Gnome Evolution+5

Hanno Böck · Published 2018-05-27 · Updated 2024-06-15 · CVE-2018-15587

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: GNOME Evolution versions 3.28.2 and earlier
Description: The issue is related to the incorrect verification of OpenPGP signatures, allowing an attacker to spoof signatures for arbitrary messages. This can be achieved by sending a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. The vulnerability may allow a remote attacker to impact data integrity.
Recommendations: For GNOME Evolution versions 3.28.2 and earlier, consider disabling the use of OpenPGP signatures until a patch is available. Restrict the handling of attachments that contain valid signatures to minimize the risk of exploitation.

Exploit

Fix

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1911
BDU:2019-02900
CESA-2020_1080
CESA-2020_1600
CVE-2018-15587
DLA-1766-1
DSA-4457-1
OPENSUSE-SU-2019:1431-1
OPENSUSE-SU-2019:1453-1
OPENSUSE-SU-2019_1431-1
OPENSUSE-SU-2019_1453-1
OPENSUSE-SU-2019_1528-1
OPENSUSE-SU-2024:10743-1
RHSA-2020:1080
RHSA-2020:1600
RHSA-2020_1080
RHSA-2020_1600
SUSE-SU-2019:1266-1
SUSE-SU-2019:1266-2
SUSE-SU-2019:1391-1
SUSE-SU-2019:1391-2
SUSE-SU-2019_1266-1
SUSE-SU-2019_1266-2
SUSE-SU-2019_1391-1
SUSE-SU-2019_1391-2
USN-3998-1

Affected Products

ALT Linux
CentOS
GNOME Evolution
Red Hat
SUSE
Ubuntu