Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-17843

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.

Published

2017-12-27T17:08:19.670

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	enigmail	enigmail	< 1.9.9	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes

References

https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html ([email protected])
https://lists.debian.org/debian-security-announce/2017/msg00333.html Third Party Advisory ([email protected])
https://www.debian.org/security/2017/dsa-4070 Third Party Advisory ([email protected])
https://www.mail-archive.com/enigmail-users%40enigmail.net/msg04280.html ([email protected])
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-security-announce/2017/msg00333.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2017/dsa-4070 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mail-archive.com/enigmail-users%40enigmail.net/msg04280.html (af854a3a-2127-422b-91ae-364da2661108)