CVE-2023-29479: Uncontrolled Resource Consumption in RNP

Severity

NVD: 5.3 MEDIUM
OSV: 6.5
EPSS: 0.1% (top 81.10%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline

Published: Apr 24

Description

Ribose RNP before 0.16.3 may hang when the input is malformed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (7 packages)

NVD: ribose/rnp < 0.16.3
Debian: ribose/rnp < 0.16.3-1+2
debian: debian/rnp < rnp 0.16.3-1 (bookworm)
debian: debian/thunderbird < rnp 0.16.3-1 (bookworm)
Debian: mozilla/thunderbird < 1:102.10.0-1~deb11u1+3

🔴 Vulnerability Details (3)

OSV: CVE-2023-29479: Ribose RNP before 0 (2023-04-24)
GHSA: GHSA-rr9h-qqwq-gm72: Ribose RNP before 0 (2023-04-24)
OSV: thunderbird vulnerabilities (2023-04-13)

📋 Vendor Advisories (4)

Ubuntu: Thunderbird vulnerabilities (2023-04-13)
Red Hat: Thunderbird: Hang when processing certain OpenPGP messages (2023-04-11)
Debian: CVE-2023-29479: rnp - Ribose RNP before 0.16.3 may hang when the input is malformed. (2023)
Mozilla: Mozilla Foundation Security Advisory 2023-15: CVE-2023-29479