CVE-2021-3349
3.3 LOWGNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evoluti...
Published: 2021-02-01 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 3.3 LOW
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- CWE
- CWE-345
Affected products
| Vendor | Product |
|---|---|
| gnome | evolution |
Description
GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3349
- [Other]https://dev.gnupg.org/T4735
- [Other]https://gitlab.gnome.org/GNOME/evolution/-/issues/299
- [Exploit reference]https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html
- [Other]https://dev.gnupg.org/T4735
- [Other]https://gitlab.gnome.org/GNOME/evolution/-/issues/299
- [Exploit reference]https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html
Related CVEs
Same vendor
- CVE-2026-1767 — A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
- CVE-2026-1766 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
- CVE-2026-5201 — A flaw was found in the gdk-pixbuf library (7.5 HIGH)
- CVE-2026-5119 — A flaw was found in libsoup (5.9 MEDIUM)
- CVE-2026-4271 — A flaw was found in libsoup, a library for handling HTTP requests (5.3 MEDIUM)
Same CWE
- CVE-2026-53862 — OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with... (4.2 MEDIUM)
- CVE-2026-53900 — Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a mali... (4.3 MEDIUM)
- CVE-2026-53899 — Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to rece... (6.5 MEDIUM)
- CVE-2026-47777 — Mastodon is a free, open-source social network server based on ActivityPub (7.5 HIGH)
- CVE-2026-53406 — Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an au... (7.8 HIGH)