Lucene search

PRIOn knowledge basePRION:CVE-2020-13625

HistoryJun 08, 2020 - 5:15 p.m.

Double free

2020-06-0817:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.8%

JSON

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.

CPENameOperatorVersion
ubuntu_linuxeq18.04
debian_linuxeq8.0
debian_linuxeq9.0
fedoraeq31
fedoraeq32
phpmailerlt6.1.6

Name	Operator	Version
ubuntu_linux	eq	18.04
debian_linux	eq	8.0
debian_linux	eq	9.0
fedora	eq	31
fedora	eq	32
phpmailer	lt	6.1.6

References

lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html

lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html

github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6

github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj

lists.debian.org/debian-lts-announce/2020/06/msg00014.html

lists.debian.org/debian-lts-announce/2020/08/msg00004.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM3BZABL6RUHTVMXSC7OFMP4CKWMRPJ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMH4TC5XTS3KZVGMSKEPPBZ2XTZCKKCX/

usn.ubuntu.com/4505-1/