Back to search
CVE-2019-18849
Published: Nov 11, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/verdammelt/tnef/pull/40
x_refsource_MISC
https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18
x_refsource_MISC
[debian-lts-announce] 20191129 [SECURITY] [DLA 2005-1] tnef security update
mailing-list
x_refsource_MLIST
FEDORA-2019-5f14b810f8
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-815807c020
vendor-advisory
x_refsource_FEDORA
USN-4524-1
vendor-advisory
x_refsource_UBUNTU
[debian-lts-announce] 20210823 [SECURITY] [DLA 2748-1] tnef security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now