PT-2023-2798 · Mozilla+9 · Thunderbird+9

Published

2023-04-11

Updated

2025-11-21

CVE-2023-29479

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Ribose RNP versions prior to 0.16.3

Description The issue is related to insufficient input validation when parsing PKESK/SKESK packets in the Ribose RNP library of the Thunderbird email client. Exploitation of this issue may allow a remote attacker to cause a denial of service by sending specially crafted OpenPGP messages to the application.

Recommendations For versions prior to 0.16.3, update to version 0.16.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Ribose RNP library until a patch is available. Avoid using the library to parse potentially malformed input until the issue is resolved.

Fix

RCE

Resource Exhaustion

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-400CWE-770

Related Identifiers

ALSA-2023:1802

ALSA-2023:1809

ALT-PU-2023-1648

ALT-PU-2023-1765

ALT-PU-2023-1783

ALT-PU-2023-4366

BDU:2023-02696

CESA-2023_1802

CESA-2023_1806

CVE-2023-29479

DLA-3400-1

DSA-5392-1

MGASA-2023-0147

OPENSUSE-SU-2024:12852-1

OPENSUSE-SU-2024:12995-1

RHSA-2023:1802

RHSA-2023:1803

RHSA-2023:1804

RHSA-2023:1805

RHSA-2023:1806

RHSA-2023:1809

RHSA-2023:1810

RHSA-2023:1811

RHSA-2023_1802

RHSA-2023_1806

RHSA-2023_1809

RLSA-2023:1802

RLSA-2023:1809

SUSE-SU-2023:2064-1

USN-6015-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Thunderbird

Ubuntu

PT-2023-2798 · Mozilla+9 · Thunderbird+9

CVE-2023-29479

Weakness Enumeration

Related Identifiers

Affected Products

References · 110