CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2019-18849
https://notcve.org/view.php?id=CVE-2019-18849
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. En tnef versiones anteriores a 1.4.18, un atacante puede escribir en el archivo .ssh/Authorizedkeys de la víctima por medio de un mensaje de correo electrónico con un archivo adjunto application/ms-tnef de winmail.dat, debido a una lectura excesiva del búfer en la región heap de la memoria que involucra a strdup. • https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18 https://github.com/verdammelt/tnef/pull/40 https://lists.debian.org/debian-lts-announce/2019/11/msg00035.html https://lists.debian.org/debian-lts-announce/2021/08/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE https://usn.ubuntu.c • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6308
https://notcve.org/view.php?id=CVE-2017-6308
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation. Se descubrió un problema en tnef en versiones anteriores a 1.4.13. Varios desbordamientos de entero, que pueden conducir a operaciones de desbordamiento de memoria dinámica, se han identificado en las funciones que envuelven la asignación de memoria. • http://www.debian.org/security/2017/dsa-3798 http://www.securityfocus.com/bid/96427 https://github.com/verdammelt/tnef/blob/master/ChangeLog https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176 https://security.gentoo.org/glsa/201708-02 https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6310
https://notcve.org/view.php?id=CVE-2017-6310
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker. Se descubrió un problema en tnef en versiones anteriores a 1.4.13. Se han identificado cuatro confusiones tipo en la función file_add_mapi_attrs(). • http://www.debian.org/security/2017/dsa-3798 http://www.securityfocus.com/bid/96427 https://github.com/verdammelt/tnef/blob/master/ChangeLog https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d https://security.gentoo.org/glsa/201708-02 https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6307
https://notcve.org/view.php?id=CVE-2017-6307
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker. Se descubrió un problema en tnef en versiones anteriores a 1.4.13. Se han identificado dos escrituras OOB en src/mapi_attr.c:mapi_attr_read(). • http://www.debian.org/security/2017/dsa-3798 http://www.securityfocus.com/bid/96427 https://github.com/verdammelt/tnef/blob/master/ChangeLog https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a https://security.gentoo.org/glsa/201708-02 https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6309
https://notcve.org/view.php?id=CVE-2017-6309
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker. Se descubrió un problema en tnef en versiones anteriores a 1.4.13. Se han identificado dos confusiones tipo en la función parse_file(). • http://www.debian.org/security/2017/dsa-3798 http://www.securityfocus.com/bid/96427 https://github.com/verdammelt/tnef/blob/master/ChangeLog https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d https://security.gentoo.org/glsa/201708-02 https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •