AquaMail Forum

English - Android => Bug reports => Topic started by: Meatychunks on February 17, 2024, 03:03:57 pm

Title: CVE-2023-51764 vulnerability
Post by: Meatychunks on February 17, 2024, 03:03:57 pm

Hi,

My mail provider patched this vulnerability last week. Since then all messages sent using aquamail to any recipient are rejected due to a bare line feed character.

Version 1.49.2-408 running on Android 13.

Title: Re: CVE-2023-51764 vulnerability
Post by: Martin - Aqua Mail Support on February 19, 2024, 09:25:24 am

Hello,

Sorry about the inconvenience. Try clearing the cache or reinstalling the app. If the issue persists, kindly send the error screenshot to support@aqua-mail.com along with the contact details so we can check this.

Title: Re: CVE-2023-51764 vulnerability
Post by: Meatychunks on February 19, 2024, 01:40:04 pm

Having re-installed the app, the problem has gone until I re-enable PGP signing.

The problem then persists.

I shall email the screenshot again as requested.

Title: Re: CVE-2023-51764 vulnerability
Post by: Martin - Aqua Mail Support on February 19, 2024, 03:28:05 pm

Thanks.

I will contact the developers for assistance and update you as soon as I receive a response from them.

Title: Re: CVE-2023-51764 vulnerability
Post by: Meatychunks on February 20, 2024, 03:41:06 pm

I can further confirm that after enabling signing with s/mime (not PGP as previously stated) the problem persists - even after disabling signing and de-activating the certificate.