CVE-2019-10735
First published: Sun Apr 07 2019(Updated: )
In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Claws-Mail | =3.14.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-10735?
The severity of CVE-2019-10735 is considered moderate as it allows attackers to manipulate encrypted email content.
How do I fix CVE-2019-10735?
To fix CVE-2019-10735, it is recommended to upgrade Claws Mail to the latest version that addresses this vulnerability.
Who is affected by CVE-2019-10735?
Users of Claws Mail version 3.14.1 are affected by CVE-2019-10735, particularly those using S/MIME or PGP encrypted emails.
What kind of attacks does CVE-2019-10735 enable?
CVE-2019-10735 enables attackers to manipulate multipart emails containing encrypted parts, potentially allowing for information disclosure.
What versions of Claws Mail are vulnerable to CVE-2019-10735?
Claws Mail version 3.14.1 is specifically vulnerable to CVE-2019-10735.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/claws-mail
- canonical/claws-mail
- version/claws-mail/3.14.1