Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-23993

Опубликовано: 08 апр. 2021
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2021:119214.04.2021
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2021:119314.04.2021
Red Hat Enterprise Linux 8.1 Extended Update SupportthunderbirdFixedRHSA-2021:119014.04.2021
Red Hat Enterprise Linux 8.2 Extended Update SupportthunderbirdFixedRHSA-2021:120114.04.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-347
https://bugzilla.redhat.com/show_bug.cgi?id=1948395Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key

EPSS

Процентиль: 16%
0.00051
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-23993

CVSS3: 6.5
ubuntu
больше 4 лет назад

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1.

nvd логотип

CVE-2021-23993

CVSS3: 6.5
nvd
больше 4 лет назад

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1.

debian логотип

CVE-2021-23993

CVSS3: 6.5
debian
больше 4 лет назад

An attacker may perform a DoS attack to prevent a user from sending en ...

github логотип

GHSA-3pj2-rvj5-6646

CVSS3: 6.5
github
больше 3 лет назад

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1.

fstec логотип

BDU:2021-02076

CVSS3: 5.4
fstec
около 5 лет назад

Уязвимость почтового клиента Thunderbird, связанная с недостаточной проверкой импортированных ключей OpenPGP, позволяющая нарушителю отправлять произвольные зашифрованные сообщения

EPSS

Процентиль: 16%
0.00051
Низкий

6.5 Medium

CVSS3

Уязвимость CVE-2021-23993