CVE-2021-32816 MEDIUM

CVE-2021-32816: Regular expression Denial of Service in ProtonMail

Vendor: Protonmail
Product: WebClient
Weakness: CWE-400
Published: May 14, 2021
Last update: August 3, 2024

CVSS base score

6.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced GHSL-2021-027.

Key dates

02 Disclosure timeline

May 14, 2021: CVE published
August 3, 2024: Record updated