CVE-2017-17689

Name: CVE-2017-17689
Creator: NVD / NIST
Published: 2018-05-16T19:29:00.303+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.22%

Last modified Jun 17, 2026

CVE-2017-17689 is a vulnerability of currently unknown severity. The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.. EPSS estimates a 4.22% chance of exploitation in the next 30 days.

Description

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

Metrics

EPSS Probability

4.22%

89.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
9folders	Nine	All versions
Apple	Mail	All versions
Bloop	Airmail	All versions
Emclient	Emclient	All versions
Flipdogsolutions	Maildroid	All versions
Freron	Mailmate	All versions
Gnome	Evolution	All versions
Google	Gmail	All versions
Horde	Horde Imp	All versions
Ibm	Notes	All versions
Kde	Kmail	All versions
Kde	Trojita	All versions
Microsoft	Outlook	2007
Microsoft	Outlook	2010
Microsoft	Outlook	2013
Microsoft	Outlook	2016
Mozilla	Thunderbird	All versions
Postbox-Inc	Postbox	All versions
R2mail2	R2mail2	All versions
Ritlabs	The Bat	All versions

References

http://www.securityfocus.com/bid/104165Third Party Advisory, VDB Entry
https://efail.deExploit, Mitigation, Third Party Advisory
https://news.ycombinator.com/item?id=17066419Issue Tracking, Third Party Advisory
https://pastebin.com/gNCc8aYmThird Party Advisory
https://twitter.com/matthew_d_green/status/996371541591019520Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_22Third Party Advisory
http://www.securityfocus.com/bid/104165Third Party Advisory, VDB Entry
https://efail.deExploit, Mitigation, Third Party Advisory
https://news.ycombinator.com/item?id=17066419Issue Tracking, Third Party Advisory
https://pastebin.com/gNCc8aYmThird Party Advisory
https://twitter.com/matthew_d_green/status/996371541591019520Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_22Third Party Advisory

Timeline

Published: May 16, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-17689?

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

How severe is CVE-2017-17689?

Severity scoring for CVE-2017-17689 is pending analysis. The EPSS model estimates a 4.22% probability of exploitation in the next 30 days.

How do I fix CVE-2017-17689?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-17689?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST