QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4166

Published: Feb 6, 2020

Modified: Aug 6, 2024

PUBLISHED

Description

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.

Vendor	Product	Versions
GNOME	Evolution	affected `3.8.4 and earlier`
GNOME	Evolution Data Server	affected `3.9.5 and earlier`

References

https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5

x_refsource_CONFIRM

https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d

x_refsource_CONFIRM

http://seclists.org/oss-sec/2013/q3/191

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=973728

x_refsource_MISC

http://rhn.redhat.com/errata/RHSA-2013-1540.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.