Email Encryption Vulnerability in GNOME Evolution by Red Hat
CVE-2013-4166

7.5HIGH

Key Information:

Vendor: Gnome
Status: Evolution; Evolution Data Server
Vendor: CVE Published:; 6 February 2020

What is CVE-2013-4166?

A vulnerability exists in GNOME Evolution and Evolution Data Server that arises from the gpg_ctx_add_recipient function. This flaw does not accurately select the appropriate GPG key for email encryption, potentially resulting in emails being encrypted with incorrect keys. Consequently, this may enable remote attackers to gain unauthorized access to sensitive information by exploiting this error in key selection.

Affected Version(s)

Evolution 3.8.4 and earlier

Evolution Data Server 3.9.5 and earlier

References

https://git.gnome.org/browse/evolution-data-server/commit...

x_refsource_CONFIRM

https://git.gnome.org/browse/evolution-data-server/commit...

x_refsource_CONFIRM

http://seclists.org/oss-sec/2013/q3/191

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2020
Vulnerability Reserved
Jun 12, 2013

Gnome

What is CVE-2013-4166?

Affected Version(s)

References

CVSS V3.1

Timeline