VDB

DEBIAN-CVE-2018-12019

DEBIAN-CVE-2018-12019 PUBLISHED CVSS 7.5 HIGH

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.

Risk Scores

CVSS v3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Debian:11enigmail0, 0, 0

Timeline

  • Jun 13, 2018 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›