tutao tutanota prior 3.119.10 Email denial of service
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.0 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as problematic has been found in tutao tutanota. Affected by this issue is some unknown functionality of the component Email Handler. The manipulation results in denial of service. This vulnerability is identified as CVE-2024-23655. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.
Details
A vulnerability, which was classified as problematic, was found in tutao tutanota. Affected is an unknown part of the component Email Handler. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. CVE summarizes:
Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusable state. In this case, a user can no longer access received e-mails. Since the vulnerability affects not only the app, but also the web application, a user in this case has no way to access received emails. This issue was tested with iOS and the web app, but it is possible all clients are affected. Version 3.119.10 fixes this issue.
The weakness was released 01/25/2024 as GHSA-5h47-g927-629g. The advisory is available at github.com. This vulnerability is traded as CVE-2024-23655 since 01/19/2024. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1499 by the MITRE ATT&CK project.
Upgrading to version 3.119.10 eliminates this vulnerability. The upgrade is hosted for download at github.com.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Vendor
Name
Website
- Product: https://github.com/tutao/tutanota/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.0VulDB Meta Temp Score: 6.0
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.3
NVD Vector: 🔍
CNA Base Score: 7.5
CNA Vector (GitHub, Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: tutanota 3.119.10
Timeline
01/19/2024 🔍01/25/2024 🔍
01/25/2024 🔍
02/18/2024 🔍
Sources
Product: github.comAdvisory: GHSA-5h47-g927-629g
Status: Confirmed
CVE: CVE-2024-23655 (🔍)
GCVE (CVE): GCVE-0-2024-23655
GCVE (VulDB): GCVE-100-252066
Entry
Created: 01/25/2024 22:52Updated: 02/18/2024 18:16
Changes: 01/25/2024 22:52 (51), 02/18/2024 18:16 (11)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.