In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T02:02:39.534Z
Reserved: 2019-11-11T00:00:00
Link: CVE-2019-18849

No data.

Status : Modified
Published: 2019-11-11T04:15:10.530
Modified: 2024-11-21T04:33:42.520
Link: CVE-2019-18849

No data.