emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N
Vendors Products
Notmuchmail
  • Notmuch
Gnu
  • Emacs

Configuration 1 [-]

AND
OR cpe:2.3:a:notmuchmail:notmuch:*:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.1:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.2:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.3:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.4:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.5:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.6:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.6:254:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.6:rc1:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.7:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.7:rc1:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.8:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.8:rc0:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.8:rc1:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.9:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.9:rc1:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.9:rc2:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.10:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.10:rc1:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.10:rc2:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.11:rc1:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.11:rc2:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.11:rc2-1:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.11:rc3:*:*:*:*:*:*
cpe:2.3:a:notmuchmail:notmuch:0.11:rc3-1:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:-:*:*:*:*:*:*:*
References
Link Resource
http://git.notmuchmail.org/git/notmuch/blobdiff/3f2050ac221a4c940c12442f156f12fff11600c6..ae438ccd8c77831158c7c30f19710d798ee4a6b4:/emacs/notmuch-mua.el Exploit Patch
http://notmuchmail.org/news/release-0.11.1/ Vendor Advisory
http://secunia.com/advisories/48139 Vendor Advisory
http://www.debian.org/security/2012/dsa-2416
http://www.openwall.com/lists/oss-security/2012/03/04/5 Exploit Patch
http://www.openwall.com/lists/oss-security/2012/03/05/6 Exploit Patch
http://www.securityfocus.com/bid/52155
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-10-03T16:15:27

Updated: 2022-10-03T16:15:27

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-1103

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2012-09-25T23:55:01.923

Modified: 2012-09-26T04:00:00.000

Link: CVE-2012-1103

JSON object: View

cve-icon Redhat Information

No data.

CWE