Note:
This project will be discontinued after December 13, 2021. [more]
2018-05-16
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
| Products | Nine, Mail, Airmail, Emclient, Maildroid, Mailmate, Evolution, Gmail, Horde_imp, Notes, Kmail, Trojita, Outlook, Thunderbird, Postbox, R2mail2, The_bat |
| Type | ? (NVD-CWE-noinfo) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://www.securityfocus.com/bid/104165
• https://efail.de • https://twitter.com/matthew_d_green/status/996371541591019520 • https://www.synology.com/support/security/Synology_SA_18_22 • https://news.ycombinator.com/item?id=17066419 |