Fluid Attacks Database

Description

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	evolution	=3.38.3-1 \|\| =3.38.3-1+deb11u1 \|\| =3.38.3-1+deb11u2 \|\| =3.38.3-1+deb11u3 \|\| =3.39.2-1 \|\| =3.39.3-1 \|\| =3.40.0-1 \|\| =3.40.1-1 \|\| =3.40.2-1 \|\| =3.40.4-1 \|\| =3.42.0-1 \|\| =3.42.0-2 \|\| =3.42.1-1 \|\| =3.42.2-1 \|\| =3.42.3-1 \|\| =3.42.4-1 \|\| =3.43.2-1 \|\| =3.43.2-2 \|\| =3.43.3-1 \|\| =3.44.0-1 \|\| =3.44.0-2 \|\| =3.44.1-1 \|\| =3.44.1-2 \|\| =3.44.2-1 \|\| =3.44.3-1 \|\| =3.44.3-2 \|\| =3.44.4-1 \|\| =3.45.2-1 \|\| =3.45.2-2 \|\| =3.45.3-1 \|\| =3.45.3-2 \|\| =3.46.0-1 \|\| =3.46.0-2 \|\| =3.46.1-1 \|\| =3.46.2-1 \|\| =3.46.3-1 \|\| =3.46.4-1 \|\| =3.46.4-2 \|\| =3.47.2-1 \|\| =3.47.3-1 \|\| =3.48.0-1 \|\| =3.48.1-1 \|\| =3.48.2-1 \|\| =3.48.3-1 \|\| =3.48.4-1 \|\| =3.49.2-1 \|\| =3.49.2-2 \|\| =3.49.2-3 \|\| =3.49.3-1 \|\| =3.50.0-1 \|\| =3.50.1-1 \|\| =3.50.2-1 \|\| =3.50.3-1 \|\| =3.51.2-1 \|\| =3.52.0-1 \|\| =3.52.1-1 \|\| =3.52.1-2 \|\| =3.52.1-3 \|\| =3.52.1-4 \|\| =3.52.2-1 \|\| =3.52.2-2 \|\| =3.52.3-1 \|\| =3.53.2-1 \|\| =3.53.3-1 \|\| =3.54.0-1 \|\| =3.54.1-1 \|\| =3.54.2-1 \|\| =3.54.3-1 \|\| =3.54.3-2 \|\| =3.55.1-1 \|\| =3.55.1-2 \|\| =3.55.2-1 \|\| =3.55.3-1 \|\| =3.56.0-1 \|\| =3.56.1-1 \|\| =3.56.2-1 \|\| =3.56.2-2 \|\| =3.56.2-3 \|\| =3.56.2-4 \|\| =3.56.2-5 \|\| =3.56.2-7 \|\| =3.56.2-8 \|\| =3.56.2-9	-
debian 12	evolution	=3.46.4-2 \|\| =3.46.4-2+deb12u1 \|\| =3.47.2-1 \|\| =3.47.3-1 \|\| =3.48.0-1 \|\| =3.48.1-1 \|\| =3.48.2-1 \|\| =3.48.3-1 \|\| =3.48.4-1 \|\| =3.49.2-1 \|\| =3.49.2-2 \|\| =3.49.2-3 \|\| =3.49.3-1 \|\| =3.50.0-1 \|\| =3.50.1-1 \|\| =3.50.2-1 \|\| =3.50.3-1 \|\| =3.51.2-1 \|\| =3.52.0-1 \|\| =3.52.1-1 \|\| =3.52.1-2 \|\| =3.52.1-3 \|\| =3.52.1-4 \|\| =3.52.2-1 \|\| =3.52.2-2 \|\| =3.52.3-1 \|\| =3.53.2-1 \|\| =3.53.3-1 \|\| =3.54.0-1 \|\| =3.54.1-1 \|\| =3.54.2-1 \|\| =3.54.3-1 \|\| =3.54.3-2 \|\| =3.55.1-1 \|\| =3.55.1-2 \|\| =3.55.2-1 \|\| =3.55.3-1 \|\| =3.56.0-1 \|\| =3.56.1-1 \|\| =3.56.2-1 \|\| =3.56.2-2 \|\| =3.56.2-3 \|\| =3.56.2-4 \|\| =3.56.2-5 \|\| =3.56.2-7 \|\| =3.56.2-8 \|\| =3.56.2-9	-
debian 14	evolution	=3.56.1-1 \|\| =3.56.2-1 \|\| =3.56.2-2 \|\| =3.56.2-3 \|\| =3.56.2-4 \|\| =3.56.2-5 \|\| =3.56.2-7 \|\| =3.56.2-8 \|\| =3.56.2-9	-
debian 13	evolution	=3.56.1-1 \|\| =3.56.1-1+deb13u1 \|\| =3.56.2-0+deb13u1 \|\| =3.56.2-1 \|\| =3.56.2-2 \|\| =3.56.2-3 \|\| =3.56.2-4 \|\| =3.56.2-5 \|\| =3.56.2-7 \|\| =3.56.2-8 \|\| =3.56.2-9	-
rpm rhel6	gnome-python2-desktop	<0:2.28.0-5.el6	0:2.28.0-5.el6
rpm rhel5	evolution	-	-
rpm rhel6	openchange	<0:1.0-6.el6	0:1.0-6.el6
rpm rhel6	totem	<0:2.28.6-4.el6	0:2.28.6-4.el6
rpm rhel6	ekiga	<0:3.2.6-4.el6	0:3.2.6-4.el6
rpm rhel6	nautilus-sendto	<0:2.28.2-4.el6	0:2.28.2-4.el6

1-10 of 21

Aliases

1. CVE-2013-41662. NVD-2013-41663. OSV-DEBIAN-2013-41664. OSV-2013-41665. SECURITY-TRACKER-CVE-2013-4166

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.