PT-2020-7479 · GNOME · Evolution Data Server

Published: 2013-08-11 · Updated: 2023-02-13 · CVE-2013-4166

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: GNOME Evolution versions 3.8.4 and earlier; Evolution Data Server versions 3.9.5 and earlier
Description: The issue is in the `gpg_ctx_add_recipient` function, which does not properly select the GPG key for email encryption. As a result, an email might be encrypted with the wrong key, potentially allowing remote attackers to obtain sensitive information.
Recommendations: For GNOME Evolution versions 3.8.4 and earlier, update to a version later than 3.8.4 to resolve the issue. For Evolution Data Server versions 3.9.5 and earlier, update to a version later than 3.9.5 to resolve the issue. As a temporary workaround, consider restricting the use of email encryption until a patch is available.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CESA-2013_1540
CVE-2013-4166
MGASA-2013-0245
RHSA-2013:1540
RHSA-2013_1540

Affected Products

CentOS
Debian
Evolution Data Server
Gnome Evolution
Red Hat