CVE-2017-17843

Medium CVSS 5.9

Overview

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.

CWE: N/A Published: 2017-12-27T17:08:19.670

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.9 (MEDIUM)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags