{"id":"CVE-2017-9604","details":"KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.","modified":"2026-04-11T11:40:05.142167Z","published":"2017-06-13T13:29:00.220Z","related":["openSUSE-SU-2017:1748-1","openSUSE-SU-2017:1756-1"],"references":[{"type":"FIX","url":"https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8"},{"type":"FIX","url":"https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kde/kmail","events":[{"introduced":"0"},{"fixed":"78c5552be2f00a4ac25bd77ca39386522fca70a8"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"17.04.2"}]}}],"versions":["v17.03.80","v17.03.90","v17.04.0","v17.04.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9604.json","vanir_signatures_modified":"2026-04-11T11:40:05Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"5.5.1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.5.1"}]},{"events":[{"introduced":"0"},{"fixed":"5.5.2"}]},{"events":[{"introduced":"0"},{"fixed":"5.5.2"}]}],"vanir_signatures":[{"id":"CVE-2017-9604-1e691798","digest":{"threshold":0.9,"line_hashes":["26936862751056223271378651773350141874","147753422659276439829638422992941333413","256055254617099371927628159996071252580","6237817401237767029496548082185589423"]},"signature_type":"Line","signature_version":"v1","deprecated":false,"target":{"file":"src/editor/kmcomposerwin.h"},"source":"https://github.com/kde/kmail/commit/78c5552be2f00a4ac25bd77ca39386522fca70a8"},{"id":"CVE-2017-9604-3c165c1d","digest":{"function_hash":"257727360109239230956837983898494587049","length":1340},"signature_type":"Function","signature_version":"v1","deprecated":false,"target":{"file":"src/editor/kmcomposerwin.cpp","function":"KMComposerWin::slotSendLater"},"source":"https://github.com/kde/kmail/commit/78c5552be2f00a4ac25bd77ca39386522fca70a8"},{"id":"CVE-2017-9604-91527bf2","digest":{"function_hash":"329420148006121099214417486198642879029","length":4177},"signature_type":"Function","signature_version":"v1","deprecated":false,"target":{"file":"src/editor/kmcomposerwin.cpp","function":"KMComposerWin::doSend"},"source":"https://github.com/kde/kmail/commit/78c5552be2f00a4ac25bd77ca39386522fca70a8"},{"id":"CVE-2017-9604-b7a46cca","digest":{"threshold":0.9,"line_hashes":["171515760466386715851801238677479693481","100956914222261329371661719711300125466","102414020928253762685753738538812198397","33286685259308721839446318719666905468","188097591602447983849197220311793201881","319182387174062329084136337923299632568","36921979096037215443175291460946474118","88681689698140011510796676589812913505","317625579068653833866580054865005408390","126345107536763788961993512739101468109","25040293319142026826008149727049811036","223294017360101117060230640828457089701","324396016245741148738556180156061430484","242628843457735989557136813190891846434","15709050902440614553125708423259186651","190971110931613532423060893732171562942","39003264449620868237994001715739632699","61962259295180074635088808312496210824"]},"signature_type":"Line","signature_version":"v1","deprecated":false,"target":{"file":"src/editor/kmcomposerwin.cpp"},"source":"https://github.com/kde/kmail/commit/78c5552be2f00a4ac25bd77ca39386522fca70a8"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}