CVE-2022-1197

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1197

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1197.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-1197

Downstream

DEBIAN-CVE-2022-1197

DLA-2978-1

DSA-5118-1

RHSA-2022:1301

RHSA-2022:1302

RHSA-2022:1303

RHSA-2022:1305

RHSA-2022:1326

SUSE-SU-2022:1176-1

UBUNTU-CVE-2022-1197

USN-5393-1

Related

Published

2022-12-22T20:15:13Z

Modified

2025-08-09T20:01:25Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. This vulnerability affects Thunderbird < 91.8.

References

Affected packages