CVE-2019-10741

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-10741

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10741.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10741

Published

2019-04-07T15:29:00.450Z

Modified

2026-04-10T04:13:54.913061Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within (digitally signed) reply messages. The quoted part can contain conditional statements that show completely different text if opened in a different email client. This can be abused by an attacker to obtain valid S/MIME or PGP signatures for arbitrary content to be displayed to a third party. NOTE: the vendor states "We don't plan to take any action because of this."

References

https://github.com/k9mail/k-9/issues/3925

Affected packages

Git / github.com/k9mail/k-9

Affected ranges

Type

GIT

Repo

https://github.com/k9mail/k-9

Events

Introduced

Last affected

a903bd6f81e929bdd486b12e24afe851d06b7dcf

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.600"
        }
    ]
}

Affected versions

2.*

2.102

2.103

2.105

2.106

2.107

2.108

2.109

2.300

2.301

2.302

2.303

2.304

2.305

2.306

2.307

2.308

2.309

2.310

2.311

2.312

2.503

2.504

2.505

2.506

2.507

2.508

2.510

2.511

2.512

2.513

2.514

2.515

2.701

2.702

2.703

2.704

2.705

2.706

2.707

2.708

2.709

2.710

2.711

2.900

2.901

2.902

2.903

2.904

2.905

2.906

2.907

2.908

2.909

2.910

2.911

2.912

2.913

3.*

3.101

3.102

3.103

3.104

3.105

3.106

3.107

3.108

3.109

3.110

3.111

3.112

3.113

3.114

3.115

3.116

3.117

3.118

3.119

3.120

3.301

3.302

3.303

3.304

3.305

3.306

3.307

3.308

3.309

3.310

3.311

3.312

3.313

3.314

3.315

3.316

3.317

3.318

3.319

3.320

3.390

3.501

3.502

3.503

3.504

3.505

3.506

3.507

3.508

3.509

3.510

3.511

3.512

3.701

3.703

3.704

3.705

3.706

3.708

3.709

3.710

3.900

3.901

3.902

3.904

3.905

3.906

3.907

3.908

3.909

3.910

3.911

3.912

3.913

4.*

4.103

4.104

4.105

4.106

4.107

4.108

4.109

4.110

4.112

4.113

4.115

4.116

4.117

4.118

4.119

4.120

4.121

4.301

4.302

4.303

4.304

4.305

4.306

4.307

4.308

4.309

4.310

4.311

4.312

4.313

4.314

4.315

4.316

4.317

4.318

4.319

4.320

4.321

4.322

4.323

4.324

4.325

4.326

4.327

4.328

4.329

4.330

4.331

4.501

4.502

4.503

4.504

4.505

4.506

4.507

4.508

4.509

4.510

4.511

4.512

4.700

4.701

4.900

4.901

4.902

4.903

4.904

4.905

5.*

5.100

5.101

5.102

5.103

5.104

5.108

5.109

5.110

5.111

5.112

5.113

5.114

5.115

5.300

5.301

5.302

5.303

5.304

5.500

5.501

5.502

5.503

5.600

Other

build_2101

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10741.json"