What is CVE-2013-4166?

CVE-2013-4166 is a vulnerability in GNOME Evolution and Evolution Data Server that allows remote attackers to encrypt an email with the wrong key.

What is the severity of CVE-2013-4166?

CVE-2013-4166 has a severity rating of 7.5 (high).

Which software versions are affected by CVE-2013-4166?

GNOME Evolution version 3.8.4 and earlier, and Evolution Data Server version 3.9.5 and earlier are affected by CVE-2013-4166.

How can CVE-2013-4166 be exploited?

CVE-2013-4166 can be exploited by remote attackers to encrypt an email with the wrong key.

Where can I find more information about CVE-2013-4166?

More information about CVE-2013-4166 can be found in Redhat's Errata RHSA-2013-1540, the OSS Security mailing list, and the Bugzilla entry.

Vulnerability/
CVE-2013-4166

high

7.5

CWE

200

6/2/2020

13/2/2023

CVE-2013-4166: Infoleak

First published: Thu Feb 06 2020(Updated: )

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
GNOME Evolution	<=3.8.4
Gnome Evolution Data Server	<=3.9.5
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Workstation	=6.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2013-4166?
CVE-2013-4166 is a vulnerability in GNOME Evolution and Evolution Data Server that allows remote attackers to encrypt an email with the wrong key.
What is the severity of CVE-2013-4166?
CVE-2013-4166 has a severity rating of 7.5 (high).
Which software versions are affected by CVE-2013-4166?
GNOME Evolution version 3.8.4 and earlier, and Evolution Data Server version 3.9.5 and earlier are affected by CVE-2013-4166.
How can CVE-2013-4166 be exploited?
CVE-2013-4166 can be exploited by remote attackers to encrypt an email with the wrong key.
Where can I find more information about CVE-2013-4166?
More information about CVE-2013-4166 can be found in Redhat's Errata RHSA-2013-1540, the OSS Security mailing list, and the Bugzilla entry.

collector/nvd-index
vendor/gnome
canonical/gnome evolution
version/gnome evolution/3.8.4
canonical/gnome evolution data server
version/gnome evolution data server/3.9.5
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.