CVE-2019-18849

Priority
Description
In tnef before 1.4.18, an attacker may be able to write to the victim's
.ssh/authorized_keys file via an e-mail message with a crafted winmail.dat
application/ms-tnef attachment, because of a heap-based buffer over-read
involving strdup.
Notes
Package
Source: tnef (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (1.4.9-1+deb8u4build0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 20.04 LTS (Focal Fossa): not-affected (1.4.18-1)
Ubuntu 20.10 (Groovy Gorilla): not-affected (1.4.18-1)
More Information

Updated: 2020-09-22 00:17:08 UTC (commit ad0ca33d776745f4a5ed1853d8a1f2f94d3f0276)