4.3

CVE-2012-1103

Exploit
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NotmuchmailNotmuch Version <= 0.11
   GnuEmacs Version-
NotmuchmailNotmuch Version0.1
   GnuEmacs Version-
NotmuchmailNotmuch Version0.1.1
   GnuEmacs Version-
NotmuchmailNotmuch Version0.2
   GnuEmacs Version-
NotmuchmailNotmuch Version0.3
   GnuEmacs Version-
NotmuchmailNotmuch Version0.3.1
   GnuEmacs Version-
NotmuchmailNotmuch Version0.4
   GnuEmacs Version-
NotmuchmailNotmuch Version0.5
   GnuEmacs Version-
NotmuchmailNotmuch Version0.6
   GnuEmacs Version-
NotmuchmailNotmuch Version0.6 Update254
   GnuEmacs Version-
NotmuchmailNotmuch Version0.6 Updaterc1
   GnuEmacs Version-
NotmuchmailNotmuch Version0.6.1
   GnuEmacs Version-
NotmuchmailNotmuch Version0.7
   GnuEmacs Version-
NotmuchmailNotmuch Version0.7 Updaterc1
   GnuEmacs Version-
NotmuchmailNotmuch Version0.8
   GnuEmacs Version-
NotmuchmailNotmuch Version0.8 Updaterc0
   GnuEmacs Version-
NotmuchmailNotmuch Version0.8 Updaterc1
   GnuEmacs Version-
NotmuchmailNotmuch Version0.9
   GnuEmacs Version-
NotmuchmailNotmuch Version0.9 Updaterc1
   GnuEmacs Version-
NotmuchmailNotmuch Version0.9 Updaterc2
   GnuEmacs Version-
NotmuchmailNotmuch Version0.10
   GnuEmacs Version-
NotmuchmailNotmuch Version0.10 Updaterc1
   GnuEmacs Version-
NotmuchmailNotmuch Version0.10 Updaterc2
   GnuEmacs Version-
NotmuchmailNotmuch Version0.10.1
   GnuEmacs Version-
NotmuchmailNotmuch Version0.10.2
   GnuEmacs Version-
NotmuchmailNotmuch Version0.11 Updaterc1
   GnuEmacs Version-
NotmuchmailNotmuch Version0.11 Updaterc2
   GnuEmacs Version-
NotmuchmailNotmuch Version0.11 Updaterc2-1
   GnuEmacs Version-
NotmuchmailNotmuch Version0.11 Updaterc3
   GnuEmacs Version-
NotmuchmailNotmuch Version0.11 Updaterc3-1
   GnuEmacs Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.69
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.