Vulnerability CVE-2018-15588


Published: 2019-02-11

Description:
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.

Type: CWE-20 (Improper Input Validation)

Vendor: Freron
Product: Mailmate 
Version:
1.9.7
1.9.6
1.9.5
1.9.4
1.9.3
1.9.2
1.9.1
1.9
1.8
1.7.2
1.7.1
1.7
1.6
1.5.4
1.5.3
1.5.2
1.5.1
1.5
1.4.3
1.4.2
1.4.1
1.4
1.3.1
1.3
1.2
1.11.2
1.11.1
1.11
1.10
1.1.2
1.1.1
1.0.2
1.0.1

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

 References:
http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
http://seclists.org/fulldisclosure/2019/Apr/38
http://www.openwall.com/lists/oss-security/2019/04/30/4
https://github.com/RUB-NDS/Johnny-You-Are-Fired
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
https://updates.mailmate-app.com/release_notes

Copyright 2019, cxsecurity.com

 
