Ubuntu.comUB:CVE-2017-17843CVE-2017-17843
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
79.0%
An issue was discovered in Enigmail before 1.9.9 that allows remote
attackers to trigger use of an intended public key for encryption, because
incorrect regular expressions are used for extraction of an e-mail address
from a comma-separated list, as demonstrated by a modified Full Name field
and a homograph attack, aka TBE-01-002.
References
enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
launchpad.net/bugs/cve/CVE-2017-17843
lists.debian.org/debian-security-announce/2017/msg00333.html
nvd.nist.gov/vuln/detail/CVE-2017-17843
security-tracker.debian.org/tracker/CVE-2017-17843
www.cve.org/CVERecord?id=CVE-2017-17843
www.debian.org/security/2017/dsa-4070
www.mail-archive.com/[email protected]/msg04280.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
79.0%