CVE-2017-17843

2017-12-2700:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.006 Low

EPSS

Percentile

79.1%

JSON

An issue was discovered in Enigmail before 1.9.9 that allows remote
attackers to trigger use of an intended public key for encryption, because
incorrect regular expressions are used for extraction of an e-mail address
from a comma-separated list, as demonstrated by a modified Full Name field
and a homograph attack, aka TBE-01-002.

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchenigmail< 2:1.9.9-0ubuntu0.17.10.1UNKNOWN
ubuntu14.04noarchenigmail< 2:1.9.9-0ubuntu0.14.04.1UNKNOWN
ubuntu16.04noarchenigmail< 2:1.9.9-0ubuntu0.16.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	17.10	noarch	enigmail	< 2:1.9.9-0ubuntu0.17.10.1	UNKNOWN
ubuntu	14.04	noarch	enigmail	< 2:1.9.9-0ubuntu0.14.04.1	UNKNOWN
ubuntu	16.04	noarch	enigmail	< 2:1.9.9-0ubuntu0.16.04.1	UNKNOWN