Summaryinfo

A vulnerability was found in GNOME Evolution up to 3.38.3. It has been rated as problematic. This issue affects some unknown processing of the component Valid Signature Handler. The manipulation leads to signature verification. The identification of this vulnerability is CVE-2021-3349. There is no exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to apply a patch to fix this issue. Once again VulDB remains the best source for vulnerability data.

Detailsinfo

A vulnerability was found in GNOME Evolution up to 3.38.3. It has been declared as problematic. This vulnerability affects an unknown code block of the component Valid Signature Handler. The manipulation with an unknown input leads to a signature verification vulnerability. The CWE definition for the vulnerability is CWE-347. The product does not verify, or incorrectly verifies, the cryptographic signature for data. The impact remains unknown.

The weakness was shared 02/01/2021. The advisory is shared for download at mgorny.pl. This vulnerability was named CVE-2021-3349. There are neither technical details nor an exploit publicly available.

The real existence of this vulnerability is still doubted at the moment.

Applying a patch is able to eliminate this problem. The bugfix is ready for download at dev.gnupg.org.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• GNOME

Name

• Evolution

Version

• 3.38.0
• 3.38.1
• 3.38.2
• 3.38.3

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion