MEDIUM · 5.3

CVE-2017-7829

Vulnerability Description

It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.

CVSS Score

5.3 MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: LOW
Availability: NONE

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Thunderbird | < 52.5.2 |
| Redhat | Enterprise Linux Aus | 7.4 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Eus | 7.4 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Debian | Debian Linux | 7.0 |
| Canonical | Ubuntu Linux | 14.04 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2017-7829?

CVE-2017-7829 is a vulnerability with a CVSS score of 5.3 (MEDIUM). It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string.

How severe is CVE-2017-7829?

CVE-2017-7829 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2017-7829?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Thunderbird, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server.