CVE-2021-23993 Information

Jun 07, 2022 cve

Description

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature and the Thunderbird user imports the crafted key then Thunderbird may try to use the invalid subkey but the RNP library rejects it from being used causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1666360 https://www.mozilla.org/security/advisories/mfsa2021-13/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.5

Share on: