Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2017-17843

HistoryDec 27, 2017 - 5:08 p.m.

CVE-2017-17843

2017-12-2717:08:19

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.006

Percentile

79.0%

JSON

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.

OSVersionArchitecturePackageVersionFilename
Debian11allenigmail< 2:1.9.9-1enigmail_2:1.9.9-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	enigmail	< 2:1.9.9-1	enigmail_2:1.9.9-1_all.deb

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.006

Percentile

79.0%

JSON

Related for DEBIANCVE:CVE-2017-17843