CVE-2017-7829
Severity
5.3MEDIUM
EPSS
1.6%
top 18.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 11
Latest updateMay 14
Description
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4
Affected Packages7 packages
Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.4, 7.5
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-hpvr-62fv-x7x4: It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient↗2022-05-14
OSV▶
CVE-2017-7829: It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient↗2018-06-11
CVEList▶
CVE-2017-7829: It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient↗2018-06-11