{"uuid": "2f22146f-462c-4841-9bff-17d8f791e1c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "gpg.fail - multiple vulnerabilities in GnuPG", "description": "# gpg.fail\n\"in the hurry of leaving i forgot the sites src at home, sorry, had to rewrite the whole thing. expect a nicer site by tomorrow. im patching as we speak.\"  \n\\- reaper (&lt;- to blame)\n\n1.  [Multiple Plaintext Attack on Detached PGP Signatures in GnuPG](https://gpg.fail/detached)\n2.  [GnuPG Accepts Path Separators and Path Traversals in Literal Data \"Filename\" Field](https://gpg.fail/filename)\n3.  [Cleartext Signature Plaintext Truncated for Hash Calculation](https://gpg.fail/formfeed)\n4.  [Encrypted message malleability checks are incorrectly enforced causing plaintext recovery attacks](https://gpg.fail/malleability)\n5.  [Memory Corruption in ASCII-Armor Parsing](https://gpg.fail/memcpy)\n6.  [Trusted comment injection (minisign)](https://gpg.fail/minisign)\n7.  [Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG](https://gpg.fail/notdash)\n8.  [OpenPGP Cleartext Signature Framework Susceptible to Format Confusion](https://gpg.fail/notsoclear)\n9.  [GnuPG Output Fails To Distinguish Signature Verification Success From Message Content](https://gpg.fail/noverify)\n10.  [Cleartext Signature Forgery in GnuPG](https://gpg.fail/nullbyte)\n11.  [Radix64 Line-Truncation Enabling Polyglot Attacks](https://gpg.fail/polyglot)\n12.  [GnuPG may downgrade digest algorithm to SHA1 during key signature checking](https://gpg.fail/sha1)\n13.  [GnuPG Trust Packet Parsing Enables Adding Arbitrary Subkeys](https://gpg.fail/trust)\n14.  [Trusted comment Injection (minisign)](https://gpg.fail/trustcomment)\n\nVideo https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i/oembed", "creation_timestamp": "2026-01-02T10:21:44.096394+00:00", "timestamp": "2026-01-02T13:27:18.414630+00:00", "related_vulnerabilities": ["GCVE-1-2026-0001"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}