vulnerability

Debian: CVE-2017-7413: php-horde-crypt -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Apr 4, 2017	Feb 19, 2019	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Apr 4, 2017

Added

Feb 19, 2019

Modified

Mar 30, 2026

Description

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.

Solution

debian-upgrade-php-horde-crypt

References

CVE-2017-7413
https://attackerkb.com/topics/CVE-2017-7413
CWE-78
DEBIAN-DLA-1398-1
EUVD-EUVD-2017-16437
https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-16437

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report