Launchpad.net

CVE 2017-17689

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

See the CVE page on Mitre.org for more details.