CVE-2021-23993 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-23993 Interim 1 14 2022-10-05T23:56:04Z current 2021-05-30T14:48:39Z 2022-10-05T23:56:04Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-23993 An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/46S264KIM7ZLJMHW66XPM4XKEAJEZUEJ/ E-Mail link for openSUSE-SU-2021:0580-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP4 openSUSE Leap 15.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed MozillaThunderbird-78.10.0-8.23.1 MozillaThunderbird-78.10.0-bp153.1.1 MozillaThunderbird-78.9.1-lp152.2.38.1 MozillaThunderbird-91.1.1-1.1 MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-78.10.0-8.23.1 MozillaThunderbird-translations-common-78.10.0-bp153.1.1 MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1 MozillaThunderbird-translations-common-91.1.1-1.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-78.10.0-8.23.1 MozillaThunderbird-translations-other-78.10.0-bp153.1.1 MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1 MozillaThunderbird-translations-other-91.1.1-1.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 MozillaThunderbird-78.10.0-8.23.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 MozillaThunderbird-translations-common-78.10.0-8.23.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 MozillaThunderbird-translations-other-78.10.0-8.23.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 MozillaThunderbird-91.8.0-150200.8.65.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 MozillaThunderbird-78.9.1-lp152.2.38.1 as a component of openSUSE Leap 15.2 MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1 as a component of openSUSE Leap 15.2 MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1 as a component of openSUSE Leap 15.2 MozillaThunderbird-78.10.0-bp153.1.1 as a component of openSUSE Leap 15.3 MozillaThunderbird-translations-common-78.10.0-bp153.1.1 as a component of openSUSE Leap 15.3 MozillaThunderbird-translations-other-78.10.0-bp153.1.1 as a component of openSUSE Leap 15.3 MozillaThunderbird-91.8.0-150200.8.65.1 as a component of openSUSE Leap 15.4 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 as a component of openSUSE Leap 15.4 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 as a component of openSUSE Leap 15.4 MozillaThunderbird-91.1.1-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-translations-common-91.1.1-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-translations-other-91.1.1-1.1 as a component of openSUSE Tumbleweed An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1. CVE-2021-23993 SUSE Linux Enterprise Workstation Extension 15 SP3:MozillaThunderbird-78.10.0-8.23.1 SUSE Linux Enterprise Workstation Extension 15 SP3:MozillaThunderbird-translations-common-78.10.0-8.23.1 SUSE Linux Enterprise Workstation Extension 15 SP3:MozillaThunderbird-translations-other-78.10.0-8.23.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-91.8.0-150200.8.65.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 openSUSE Leap 15.2:MozillaThunderbird-78.9.1-lp152.2.38.1 openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.9.1-lp152.2.38.1 openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.9.1-lp152.2.38.1 openSUSE Leap 15.3:MozillaThunderbird-78.10.0-bp153.1.1 openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.10.0-bp153.1.1 openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.10.0-bp153.1.1 openSUSE Leap 15.4:MozillaThunderbird-91.8.0-150200.8.65.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1 openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1 openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L