Unrated severityNVD Advisory· Published Feb 6, 2020· Updated Aug 6, 2024

CVE-2013-4166

Description

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.

Affected products

GNOME Foundation/Evolutionv5
Range: 3.8.4 and earlier
GNOME/Evolution Data Serverv5
Range: 3.9.5 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2013-1540.htmlmitrex_refsource_CONFIRM
seclists.org/oss-sec/2013/q3/191mitrex_refsource_MISC
bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
git.gnome.org/browse/evolution-data-server/commit/mitrex_refsource_CONFIRM
git.gnome.org/browse/evolution-data-server/commit/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000