Vulnerability Details : CVE-2017-6308
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
Vulnerability category: Overflow
Products affected by CVE-2017-6308
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:tnef_project:tnef:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6308
0.23%: probability of exploitation activity in the next 30 days
~ 61%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6308
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-6308
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6308
- http://www.debian.org/security/2017/dsa-3798
  Debian -- Security Information -- DSA-3798-1 tnef (Third Party Advisory)
- https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
  Advisory X41-2017-04: Multiple Vulnerabilities in tnef | X41 D-SEC GmbH (Patch; Third Party Advisory)
- http://www.securityfocus.com/bid/96427
  tnef Multiple Integer Overflow, Type Confusion and Out of Bounds Write Vulnerabilities (Third Party Advisory; VDB Entry)
- https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176
  Fix integer overflows and harden memory allocator. · verdammelt/tnef@c504468 · GitHub (Issue Tracking; Patch; Third Party Advisory)
- https://security.gentoo.org/glsa/201708-02
  TNEF: Multiple vulnerabilities (GLSA 201708-02) — Gentoo security (Third Party Advisory)
- https://github.com/verdammelt/tnef/blob/master/ChangeLog
  tnef/ChangeLog at master · verdammelt/tnef · GitHub (Patch; Release Notes; Third Party Advisory)