CVE-2021-23993

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-23993

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23993.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-23993

Downstream

DEBIAN-CVE-2021-23993

DLA-2632-1

DSA-4897-1

RHSA-2021:1190

RHSA-2021:1192

RHSA-2021:1193

RHSA-2021:1201

UBUNTU-CVE-2021-23993

USN-4995-1

USN-4995-2

openSUSE-SU-2021:0580-1

openSUSE-SU-2024:10601-1

Related

Published

2021-06-24T14:15:09Z

Modified

2025-08-09T20:01:27Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1.

References

Affected packages