{"id":"CVE-2017-9604","details":"KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.","modified":"2026-05-18T11:31:55.385504Z","published":"2017-06-13T13:29:00.220Z","related":["openSUSE-SU-2017:1748-1","openSUSE-SU-2017:1756-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"kde:kmail","cpes":["cpe:2.3:a:kde:kmail:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"5.5.1"}]},{"vendor_product":"kde:messagelib","cpes":["cpe:2.3:a:kde:messagelib:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"5.5.1"}]},{"source":"DESCRIPTION","extracted_events":[{"fixed":"5.5.2"},{"fixed":"5.5.2"}]}]},"references":[{"type":"FIX","url":"https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8"},{"type":"FIX","url":"https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kde/kmail","events":[{"introduced":"0"},{"fixed":"78c5552be2f00a4ac25bd77ca39386522fca70a8"}],"database_specific":{"source":"DESCRIPTION","extracted_events":[{"introduced":"0"},{"fixed":"17.04.2"}]}}],"versions":["v17.04.1","v17.04.0","v17.03.90","v17.03.80"],"database_specific":{"vanir_signatures_modified":"2026-05-18T11:31:55Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9604.json","vanir_signatures":[{"target":{"file":"src/editor/kmcomposerwin.h"},"source":"https://github.com/kde/kmail/commit/78c5552be2f00a4ac25bd77ca39386522fca70a8","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2017-9604-1e691798","digest":{"threshold":0.9,"line_hashes":["26936862751056223271378651773350141874","147753422659276439829638422992941333413","256055254617099371927628159996071252580","6237817401237767029496548082185589423"]}},{"target":{"function":"KMComposerWin::slotSendLater","file":"src/editor/kmcomposerwin.cpp"},"source":"https://github.com/kde/kmail/commit/78c5552be2f00a4ac25bd77ca39386522fca70a8","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2017-9604-3c165c1d","digest":{"length":1340,"function_hash":"257727360109239230956837983898494587049"}},{"target":{"function":"KMComposerWin::doSend","file":"src/editor/kmcomposerwin.cpp"},"source":"https://github.com/kde/kmail/commit/78c5552be2f00a4ac25bd77ca39386522fca70a8","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2017-9604-91527bf2","digest":{"length":4177,"function_hash":"329420148006121099214417486198642879029"}},{"target":{"file":"src/editor/kmcomposerwin.cpp"},"source":"https://github.com/kde/kmail/commit/78c5552be2f00a4ac25bd77ca39386522fca70a8","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2017-9604-b7a46cca","digest":{"threshold":0.9,"line_hashes":["171515760466386715851801238677479693481","100956914222261329371661719711300125466","102414020928253762685753738538812198397","33286685259308721839446318719666905468","188097591602447983849197220311793201881","319182387174062329084136337923299632568","36921979096037215443175291460946474118","88681689698140011510796676589812913505","317625579068653833866580054865005408390","126345107536763788961993512739101468109","25040293319142026826008149727049811036","223294017360101117060230640828457089701","324396016245741148738556180156061430484","242628843457735989557136813190891846434","15709050902440614553125708423259186651","190971110931613532423060893732171562942","39003264449620868237994001715739632699","61962259295180074635088808312496210824"]}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}