CVE-2017-6309 Information

Description

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations controlled by an attacker.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.debian.org/security/2017/dsa-3798 http://www.securityfocus.com/bid/96427 https://github.com/verdammelt/tnef/blob/master/ChangeLog https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d https://security.gentoo.org/glsa/201708-02 https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8