Tuta Mail Vulnerability - DoS
2024-11-29 08:00:00 Author: github.security.telekom.com

A denial-of-service vulnerability (CVE-2024-23655) has been identified in Tuta Mail. By sending a manipulated email, an attacker could prevent users from accessing and reading received emails.

Details

  • Product: Tuta Mail
  • Affected Version: Tuta Mail >= 3.118.12, < 3.119.10
  • Vulnerability Type: Improper Input Validation (CWE-20)
  • Risk Level: High
  • Vendor URL: https://tuta.com/
  • Vendor acknowledged vulnerability: Yes
  • Vendor Status: Fixed
  • CVE: CVE-2024-23655

The vulnerability was discovered during testing of Tutanota for iOS. By sending a manipulated email, an attacker could put the app into an unusable state in which the user can no longer access received emails. Because the vulnerability affects the web application as well as the app, the user then has no way to access received emails.

References

Timeline

  • 2024-01-25: Vendor has reported that the vulnerability has been fixed.
  • 2024-11-29: This blog post was published.

Credits


Source: https://github.security.telekom.com/2024/11/tuta-mail-dos.html