cvedb.io
CVE-2017-17688
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2018-05-16T19:29:00.223 · Last modified 2026-06-17T01:11:29.613

Summary

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.

Affected products

apple — mail

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.