CVE-2017-7413 php-horde-crypt

Metadata

critical
9.0
php-horde-crypt
CVE-2017-7413
2017-06-18 07:51
CVE-2017-7413
2017-06-16 19:22
2017-05-28 05:03
2017-05-03 11:03
2017-04-13 05:03
2017-04-06 05:03
2017-04-05 13:03

Description

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster php-horde-crypt 2.7.5-2
jessie php-horde-crypt None
sid php-horde-crypt 2.7.5-2
stretch php-horde-crypt 2.7.5-2