The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2013-1540.html | Third Party Advisory |
http://seclists.org/oss-sec/2013/q3/191 | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=973728 | Issue Tracking Third Party Advisory |
https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5 | Patch Vendor Advisory |
https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
13 Feb 2023, 00:28
Type | Values Removed | Values Added |
---|---|---|
Summary | The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. | |
References |
|
02 Feb 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | CVE-2013-4166 evolution: incorrect selection of recipient gpg public key for encrypted mail |
Information
Published : 2020-02-06 15:15
Updated : 2023-12-10 13:13
NVD link : CVE-2013-4166
Mitre link : CVE-2013-4166
CVE.ORG link : CVE-2013-4166
JSON object : View
Products Affected
gnome
- evolution
- evolution_data_server
redhat
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor