CVE-2017-17843

MEDIUM5.9EPSS 0.20%

enigmail - security update

發布日:2017/12/27修改日:2026/4/28

描述

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.

受影響套件(3)

Debian/enigmailfrom 0, < 2:1.9.9-1
Debian/enigmailfrom 0, < 2:1.9.9-1~deb7u1
Debian/enigmailfrom 0, < 2:1.9.9-1~deb8u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-17843