VDB
DEBIAN-CVE-2017-17847
DEBIAN-CVE-2017-17847
PUBLISHED
CVSS 7.5 HIGH
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.
Risk Scores
CVSS v3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | enigmail | 0, 0, 0 |
Timeline
- Dec 27, 2017 CVE Published
- Apr 28, 2026 CVE Updated