Tnef
CVE-2017-8911
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.
AnalysisAI
An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-191. An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker. Affected products include: Tnef Project Tnef.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message
An issue was discovered in tnef before 1.4.13. Rated high severity (CVSS 7.8), this vulnerability is no authentication r
An issue was discovered in tnef before 1.4.13. Rated high severity (CVSS 7.8), this vulnerability is no authentication r
An issue was discovered in tnef before 1.4.13. Rated high severity (CVSS 7.8), this vulnerability is no authentication r
An issue was discovered in tnef before 1.4.13. Rated high severity (CVSS 7.8), this vulnerability is no authentication r
Same weakness CWE-191 – Integer Underflow
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today