CVE-2024-23655
HIGH
Tutanota 3.118.12-3.119.10 - Denial of Service via Malformed Email
Title source: llm
Description
Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusable state. In this case, a user can no longer access received e-mails. Since the vulnerability affects not only the app, but also the web application, a user in this case has no way to access received emails. This issue was tested with iOS and the web app, but it is possible all clients are affected. Version 3.119.10 fixes this issue.
References (2)
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/tutao/tutanota/security/advisories/GHSA-5h47-g927-629g
Release Notes x_refsource_misc
https://github.com/tutao/tutanota/releases/tag/tutanota-release-3.119.10
Scores
CVSS v3
7.5
EPSS
0.0079
EPSS Percentile
51.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (1)
tuta/tutanota
3.118.12 - 3.119.10
Published
Jan 25, 2024
Tracked Since
Feb 18, 2026