CVE-2017-17689

Description

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

How to fix CVE-2017-17689

To remediate CVE-2017-17689, upgrade the affected package to a fixed version below.

Debian/evolution—no fix listed
Debian/kf5-messagelib—upgrade to 4:18.08.1-1 or later

Is CVE-2017-17689 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0
from 0, < 4:18.08.1-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2017-17689