7.8

CVE-2017-6309

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tnef ProjectTnef Version <= 1.4.12
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.41% 0.692
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.debian.org/security/2017/dsa-3798
Third Party Advisory
http://www.securityfocus.com/bid/96427
Third Party Advisory
VDB Entry
https://github.com/verdammelt/tnef/blob/master/ChangeLog
Patch
Third Party Advisory
Release Notes
https://security.gentoo.org/glsa/201708-02
Third Party Advisory
https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
Patch
Third Party Advisory
https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
Patch
Third Party Advisory
Issue Tracking