Home > Vulnerability Database > CVE-2017-6308

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2017-6308

Good to know:

Date: February 23, 2017

An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.

Language: C

Severity Score

7.8

Related Resources (10)

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-6308

Url: http://www.securityfocus.com/bid/96427

Url: https://security-tracker.debian.org/tracker/CVE-2017-6308

Url: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/

Url: http://www.debian.org/security/2017/dsa-3798

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6308

Url: https://github.com/verdammelt/tnef/blob/master/ChangeLog

Url: https://security.gentoo.org/glsa/201708-02

Url: https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176

Url: https://www.mend.io/vulnerability-database/CVE-2017-6308

Severity Score

7.8

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Top Fix

Upgrade Version

Upgrade to version 1.4.13

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us