{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2017-17843","title":"Title"},{"category":"description","text":"An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2017-17843","url":"https://www.suse.com/security/cve/CVE-2017-17843"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1073858 for CVE-2017-17843","url":"https://bugzilla.suse.com/1073858"}],"title":"SUSE CVE CVE-2017-17843","tracking":{"current_release_date":"2025-10-07T10:11:26Z","generator":{"date":"2023-02-15T04:36:25Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2017-17843","initial_release_date":"2023-02-15T04:36:25Z","revision_history":[{"date":"2023-02-15T04:36:25Z","number":"2","summary":"Current version"},{"date":"2025-01-01T08:16:10Z","number":"3","summary":"Current version"},{"date":"2025-01-10T04:11:43Z","number":"4","summary":"Current version"},{"date":"2025-03-15T12:53:16Z","number":"5","summary":"Current version"},{"date":"2025-04-25T07:33:07Z","number":"6","summary":"Current version"},{"date":"2025-10-07T10:11:26Z","number":"7","summary":"Current version"}],"status":"interim","version":"7"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP2","product":{"name":"SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP2","product":{"name":"SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Workstation Extension 15 SP2","product":{"name":"SUSE Linux Enterprise Workstation Extension 15 SP2","product_id":"SUSE Linux Enterprise Workstation Extension 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sle-we:15:sp2"}}},{"category":"product_version","name":"enigmail","product":{"name":"enigmail","product_id":"enigmail","product_identification_helper":{"cpe":"cpe:2.3:a:enigmail:enigmail:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/enigmail@?upstream=enigmail.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"enigmail as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:enigmail"},"product_reference":"enigmail","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"enigmail as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:enigmail"},"product_reference":"enigmail","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"enigmail as component of SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2:enigmail"},"product_reference":"enigmail","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"enigmail as component of SUSE Linux Enterprise Workstation Extension 15 SP2","product_id":"SUSE Linux Enterprise Workstation Extension 15 SP2:enigmail"},"product_reference":"enigmail","relates_to_product_reference":"SUSE Linux Enterprise Workstation Extension 15 SP2"}]},"vulnerabilities":[{"cve":"CVE-2017-17843","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-17843"}],"notes":[{"category":"general","text":"An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise Desktop 15 SP2:enigmail","SUSE Linux Enterprise Server 15 SP2:enigmail","SUSE Linux Enterprise Server for SAP Applications 15 SP2:enigmail","SUSE Linux Enterprise Workstation Extension 15 SP2:enigmail"]},"references":[{"category":"external","summary":"CVE-2017-17843","url":"https://www.suse.com/security/cve/CVE-2017-17843"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1073858 for CVE-2017-17843","url":"https://bugzilla.suse.com/1073858"}],"threats":[{"category":"impact","date":"2017-12-21T11:50:20Z","details":"important"}],"title":"CVE-2017-17843"}]}