CVE-2017-7413

Metadata

critical
9.0
php-horde-crypt
CVE-2017-7413
cve.mitre.org, lists.horde.org, bugs.debian.org
2017-04-04
2017-10-23 14:18
CVE-2017-7413 php-horde-crypt
2017-07-20 21:30
2017-06-16 19:22
2017-05-10 23:47
2017-04-14 10:21
2017-04-07 00:03

Description

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
artful php-horde-crypt None
devel php-horde-crypt None
trusty php-horde-crypt None
upstream php-horde-crypt None
xenial php-horde-crypt None
zesty php-horde-crypt None

Unaffected

Release Package Reason
precise php-horde-crypt DNE
precise/esm php-horde-crypt DNE
vivid/stable-phone-overlay php-horde-crypt DNE
vivid/ubuntu-core php-horde-crypt DNE
yakkety php-horde-crypt ignored