Vulnerability Description
textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Claws-Mail | Claws-Mail | < 3.18.0 |
| Sylpheed Project | Sylpheed | <= 3.7.0 |
| Fedoraproject | Fedora | 33 |
References
- https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz (Patch, Vendor Advisory)
- https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=ac286a71ed78429e16c612161
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://sylpheed.sraoss.jp/sylpheed/v3.7/sylpheed-3.7.0.tar.xz (Patch, Third Party Advisory)
FAQ
What is CVE-2021-37746?
CVE-2021-37746 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The function textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.
How severe is CVE-2021-37746?
CVE-2021-37746 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-37746?
Check the references section above for vendor advisories and patch information. Affected products include Claws-Mail (vendor: Claws-Mail), Sylpheed (vendor: Sylpheed Project), and Fedora (vendor: Fedoraproject).