VDB
DEBIAN-CVE-2017-17848
DEBIAN-CVE-2017-17848
PUBLISHED
CVSS 7.5 HIGH
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text.
Risk Scores
CVSS v3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | enigmail | 0, 0, 0 |
Timeline
- Dec 27, 2017 CVE Published
- Apr 28, 2026 CVE Updated