CVE-2017-17843
MEDIUM 5.9, EPSS 0.20%
enigmail - security update
Published: 12/27/2017
Modified: 4/28/2026
Also known as: DEBIAN-CVE-2017-17843
Description
An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.
Affected packages (3)
- Debian/enigmail from 0, < 2:1.9.9-1
- Debian/enigmail from 0, < 2:1.9.9-1~deb7u1
- Debian/enigmail from 0, < 2:1.9.9-1~deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.9 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |