CVE-2013-4166

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

EPSS Score Percentile: 77%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| gnome | evolution | 𝑥 ≤ 3.8.4 |
| gnome | evolution_data_server | 𝑥 ≤ 3.9.5 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_workstation | 6.0 |

𝑥 = Vulnerable software versions

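Debian Releases

| Debian Product | Codename | Status |
|---|---|---|
| evolution | bookworm | unimportant |
| evolution | bullseye | unimportant |
| evolution | bullseye (security) | unimportant |
| evolution | sid | unimportant |
| evolution | trixie | unimportant |
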
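Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| evolution-data-server | lucid | | ignored |
| evolution-data-server | precise | Fixed 3.2.3-0ubuntu7.1 | released |
| evolution-data-server | quantal | Fixed 3.6.2-0ubuntu0.2 | released |
| evolution-data-server | raring | Fixed 3.6.4-0ubuntu1.1 | released |
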
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| cheese | RHEL 6 | 0:2.28.1-8.el6 | fixed |
| control-center | RHEL 6 | 1:2.28.1-39.el6 | fixed |
| control-center-devel | RHEL 6 | 1:2.28.1-39.el6 | fixed |
| control-center-extra | RHEL 6 | 1:2.28.1-39.el6 | fixed |
| control-center-filesystem | RHEL 6 | 1:2.28.1-39.el6 | fixed |
| ekiga | RHEL 6 | 0:3.2.6-4.el6 | fixed |
| evolution | RHEL 6 | 0:2.32.3-30.el6 | fixed |
| evolution-data-server | RHEL 6 | 0:2.32.3-18.el6 | fixed |
| evolution-data-server-devel | RHEL 6 | 0:2.32.3-18.el6 | fixed |
| evolution-data-server-doc | RHEL 6 | 0:2.32.3-18.el6 | fixed |
| evolution-devel | RHEL 6 | 0:2.32.3-30.el6 | fixed |
| evolution-devel-docs | RHEL 6 | 0:2.32.3-30.el6 | fixed |
| evolution-exchange | RHEL 6 | 0:2.32.3-16.el6 | fixed |
| evolution-help | RHEL 6 | 0:2.32.3-30.el6 | fixed |
| evolution-mapi | RHEL 6 | 0:0.32.2-12.el6 | fixed |
| evolution-mapi-devel | RHEL 6 | 0:0.32.2-12.el6 | fixed |
| evolution-perl | RHEL 6 | 0:2.32.3-30.el6 | fixed |
| evolution-pst | RHEL 6 | 0:2.32.3-30.el6 | fixed |
| evolution-spamassassin | RHEL 6 | 0:2.32.3-30.el6 | fixed |
| finch | RHEL 6 | 0:2.7.9-11.el6 | fixed |
| finch-devel | RHEL 6 | 0:2.7.9-11.el6 | fixed |
| gnome-panel | RHEL 6 | 0:2.30.2-15.el6 | fixed |
| gnome-panel-devel | RHEL 6 | 0:2.30.2-15.el6 | fixed |
| gnome-panel-libs | RHEL 6 | 0:2.30.2-15.el6 | fixed |
| gnome-python2-applet | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-brasero | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-bugbuddy | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-desktop | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-evince | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-evolution | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-gnomedesktop | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-gnomekeyring | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-gnomeprint | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-gtksourceview | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-libgtop2 | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-libwnck | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-metacity | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-rsvg | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gnome-python2-totem | RHEL 6 | 0:2.28.0-5.el6 | fixed |
| gtkhtml3 | RHEL 6 | 0:3.32.2-2.el6 | fixed |
| gtkhtml3-devel | RHEL 6 | 0:3.32.2-2.el6 | fixed |
| libgdata | RHEL 6 | 0:0.6.4-2.el6 | fixed |
| libgdata-devel | RHEL 6 | 0:0.6.4-2.el6 | fixed |
| libpurple | RHEL 6 | 0:2.7.9-11.el6 | fixed |
| libpurple-devel | RHEL 6 | 0:2.7.9-11.el6 | fixed |
| libpurple-perl | RHEL 6 | 0:2.7.9-11.el6 | fixed |
| libpurple-tcl | RHEL 6 | 0:2.7.9-11.el6 | fixed |
| nautilus-sendto | RHEL 6 | 0:2.28.2-4.el6 | fixed |
| nautilus-sendto-devel | RHEL 6 | 0:2.28.2-4.el6 | fixed |
| openchange | RHEL 6 | 0:1.0-6.el6 | fixed |
| openchange-client | RHEL 6 | 0:1.0-6.el6 | fixed |
| openchange-devel | RHEL 6 | 0:1.0-6.el6 | fixed |
| openchange-devel-docs | RHEL 6 | 0:1.0-6.el6 | fixed |
| pidgin | RHEL 6 | 0:2.7.9-11.el6 | fixed |
| pidgin-devel | RHEL 6 | 0:2.7.9-11.el6 | fixed |
| pidgin-docs | RHEL 6 | 0:2.7.9-11.el6 | fixed |
| pidgin-perl | RHEL 6 | 0:2.7.9-11.el6 | fixed |
| planner | RHEL 6 | 0:0.14.4-10.el6 | fixed |
| planner-devel | RHEL 6 | 0:0.14.4-10.el6 | fixed |
| planner-eds | RHEL 6 | 0:0.14.4-10.el6 | fixed |
| totem | RHEL 6 | 0:2.28.6-4.el6 | fixed |
| totem-devel | RHEL 6 | 0:2.28.6-4.el6 | fixed |
| totem-jamendo | RHEL 6 | 0:2.28.6-4.el6 | fixed |
| totem-mozplugin | RHEL 6 | 0:2.28.6-4.el6 | fixed |
| totem-nautilus | RHEL 6 | 0:2.28.6-4.el6 | fixed |
| totem-upnp | RHEL 6 | 0:2.28.6-4.el6 | fixed |
| totem-youtube | RHEL 6 | 0:2.28.6-4.el6 | fixed |