All the vulnerabilities related to gnupg - gnupg
Vulnerability from fkie_nvd
Published
2006-07-28 21:04
Modified
2024-11-21 00:14
Severity ?
Summary
Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "D63B0B4A-3998-4A4F-AD7A-BB8CEBE897B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer de enteros en parse_comment en GnuPG (gpg) 1.4.4 permite a atacantes remotos provocar denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) a trav\u00e9s de un mensaje manipulado." } ], "id": "CVE-2006-3746", "lastModified": "2024-11-21T00:14:19.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-28T21:04:00.000", "references": [ { "source": "secalert@redhat.com", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" }, { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204%3Bmsg=15%3Batt=1" }, { "source": "secalert@redhat.com", "url": "http://issues.rpath.com/browse/RPL-560" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html" }, { "source": "secalert@redhat.com", "url": "http://lwn.net/Alerts/194228/" }, { "source": "secalert@redhat.com", "url": 
"http://secunia.com/advisories/21297" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21300" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21306" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21326" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21329" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21333" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21346" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21351" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21378" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21467" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21522" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21524" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21598" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200608-08.xml" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1016622" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2006/dsa-1140" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2006/dsa-1141" }, { "source": "secalert@redhat.com", "url": "http://www.gossamer-threads.com/lists/gnupg/devel/37623" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:141" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/27664" }, { "source": "secalert@redhat.com", "url": 
"http://www.redhat.com/support/errata/RHSA-2006-0615.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/442012/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/442621/100/100/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19110" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-332-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/3123" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28220" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204%3Bmsg=15%3Batt=1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://issues.rpath.com/browse/RPL-560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lwn.net/Alerts/194228/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21326" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21346" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200608-08.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016622" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gossamer-threads.com/lists/gnupg/devel/37623" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27664" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.redhat.com/support/errata/RHSA-2006-0615.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/442012/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/442621/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-332-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11347" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-01 15:59
Modified
2024-11-21 02:20
Severity ?
Summary
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mageia | mageia | 3.0 | |
mageia | mageia | 4.0 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
gnupg | libksba | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 | |
gnupg | gnupg | 2.1.0 | |
gnupg | gnupg | 2.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "76F1E356-E019-47E8-AA5F-702DA93CF74E", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:libksba:*:*:*:*:*:*:*:*", "matchCriteriaId": "22A54033-F9F8-4C67-93E9-307484D9C060", "versionEndExcluding": "1.3.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:2.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "11756353-C8D2-4933-B5DC-B0CDBCAFBC66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "10427264-78E1-4FB1-A8EF-BDB0C9822DB5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer underflow in the ksba_oid_to_str function in Libksba before 
1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow." }, { "lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n ksba_oid_to_str en Libksba anterior a 1.3.2, utilizado en GnuPG, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un OID manipulado en (1) un mensaje S/MIME o (2) datos OpenPGP basados en ECC, lo que provoca un desbordamiento de buffer." } ], "id": "CVE-2014-9087", "lastModified": "2024-11-21T02:20:11.467", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-01T15:59:11.797", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0498.html" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60073" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60189" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60233" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.debian.org/security/2014/dsa-3078" }, { "source": "security@debian.org", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:234" }, { "source": "security@debian.org", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:151" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/71285" }, { "source": "security@debian.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2427-1" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0498.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:234" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:151" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/71285" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2427-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-191" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-06 20:19
Modified
2024-11-21 00:27
Severity ?
Summary
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, do not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gpgme:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA56B122-75BE-4872-859B-13FDCA2DC641", "versionEndIncluding": "1.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "804DFC99-270C-41FD-9D03-53FA501F382A", "versionEndIncluding": "1.4.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection." }, { "lang": "es", "value": "GnuPG 1.4.6 y anteriores y GPGME anterior a 1.1.4, al ser ejecutado desde la l\u00ednea de comandos, no distingue visualmente trozos firmados de no firmados en mensajes OpenPGP con m\u00faltiples componentes, lo cual podr\u00eda permitir a atacantes remotos falsificar el contenido de un mensaje sin ser detectado." 
} ], "id": "CVE-2007-1263", "lastModified": "2024-11-21T00:27:54.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-06T20:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc" }, { "source": "cve@mitre.org", "url": "http://fedoranews.org/cms/node/2775" }, { "source": "cve@mitre.org", "url": "http://fedoranews.org/cms/node/2776" }, { "source": "cve@mitre.org", "url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html" }, { "source": "cve@mitre.org", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24365" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24407" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24419" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24420" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24438" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24489" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24511" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24544" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24650" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24734" }, { "source": "cve@mitre.org", "url": 
"http://secunia.com/advisories/24875" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2353" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.coresecurity.com/?action=item\u0026id=1687" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1266" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:059" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0106.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0107.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22757" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017727" }, { "source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2007/0009/" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-432-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-432-2" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0835" }, { "source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1111" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/cms/node/2775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/cms/node/2776" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24365" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24419" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24734" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24875" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.coresecurity.com/?action=item\u0026id=1687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1266" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:059" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0106.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0107.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22757" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2007/0009/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-432-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-432-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-29 22:15
Modified
2024-11-21 02:23
Severity ?
Summary
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | * | |
gnupg | libgcrypt | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A7A4C18-6BE6-437E-81AD-C4AD73A78038", "versionEndExcluding": "1.4.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "matchCriteriaId": "840D7B26-0812-45F3-803A-B24F7D843364", "versionEndExcluding": "1.6.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"" }, { "lang": "es", "value": "La funci\u00f3n mpi_powm en Libgcrypt versiones anteriores a 1.6.3 y GnuPG versiones anteriores a 1.4.19, permite a atacantes obtener informaci\u00f3n confidencial mediante el aprovechamiento de las diferencias de tiempo al acceder a una tabla precalculada durante una exponenciaci\u00f3n modular, relacionada con un \"Last-Level Cache Side-Channel Attack\"." 
} ], "id": "CVE-2015-0837", "lastModified": "2024-11-21T02:23:49.950", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-29T22:15:11.783", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3184" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3185" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://ieeexplore.ieee.org/document/7163050" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.debian.org/security/2015/dsa-3184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://ieeexplore.ieee.org/document/7163050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-23 20:15
Modified
2024-11-21 07:19
Severity ?
Summary
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:-:*:*:*:*:*:*:*", "matchCriteriaId": "86541E5D-4AE0-42E6-B94A-73C91237703E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB." } ], "id": "CVE-2022-3219", "lastModified": "2024-11-21T07:19:04.727", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-23T20:15:12.393", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2022-3219" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://dev.gnupg.org/D556" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://dev.gnupg.org/T5993" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch" ], "url": "https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20230324-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2022-3219" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://dev.gnupg.org/D556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://dev.gnupg.org/T5993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20230324-0001/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "893B46A3-9BAA-4AEF-9806-AD689E6E46F5", "versionEndExcluding": "1.4.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed." } ], "id": "CVE-2005-0366", "lastModified": "2024-11-20T23:54:58.390", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://eprint.iacr.org/2005/033" }, { "source": "cve@mitre.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://eprint.iacr.org/2005/033.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1013166" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": 
"http://www.kb.cert.org/vuls/id/303094" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:057" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2005_07_sr.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/13775" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.pgp.com/library/ctocorner/openpgp.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/12529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://eprint.iacr.org/2005/033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://eprint.iacr.org/2005/033.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1013166" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/303094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2005_07_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/13775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.pgp.com/library/ctocorner/openpgp.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/12529" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-326" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-20 19:15
Modified
2024-11-21 02:25
Severity ?
Summary
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | * | |
gnupg | gnupg | * | |
gnupg | gnupg | * | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A7A4C18-6BE6-437E-81AD-C4AD73A78038", "versionEndExcluding": "1.4.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7D53A20-9751-4C22-9C56-828FC0D33F26", "versionEndExcluding": "2.0.27", "versionStartIncluding": "2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "15FF7A2F-DD01-4210-8C13-8E673706FF1F", "versionEndExcluding": "2.1.2", "versionStartIncluding": "2.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and \"memcpy with overlapping ranges.\"" }, { "lang": "es", "value": "El archivo kbx/keybox-search.c en GnuPG versiones anteriores a 1.4.19, versiones 2.0.x anteriores a 2.0.27 y versiones 2.1.x anteriores a 2.1.2, no maneja apropiadamente los cambios a la izquierda bit a bit, lo que permite a atacantes remotos 
causar una denegaci\u00f3n de servicio (operaci\u00f3n de lectura no v\u00e1lida) por medio de un archivo de llavero dise\u00f1ado, relacionado con extensiones de signo y \"memcpy with overlapping ranges.\"" } ], "id": "CVE-2015-1607", "lastModified": "2024-11-21T02:25:46.127", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-20T19:15:11.250", "references": [ { "source": "cve@mitre.org", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/13/14" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/14/6" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/72610" }, { "source": 
"cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-2554-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Release Notes", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Release Notes", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Release Notes", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/13/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/14/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/72610" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-2554-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Release Notes", "Vendor Advisory" ], "url": 
"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Release Notes", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Release Notes", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-10 00:55
Modified
2024-11-21 01:55
Severity ?
Summary
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | 1.4.0 | |
gnupg | gnupg | 1.4.2 | |
gnupg | gnupg | 1.4.3 | |
gnupg | gnupg | 1.4.4 | |
gnupg | gnupg | 1.4.5 | |
gnupg | gnupg | 1.4.6 | |
gnupg | gnupg | 1.4.8 | |
gnupg | gnupg | 1.4.10 | |
gnupg | gnupg | 1.4.11 | |
gnupg | gnupg | 1.4.12 | |
gnupg | gnupg | 1.4.13 | |
gnupg | gnupg | 2.0 | |
gnupg | gnupg | 2.0.1 | |
gnupg | gnupg | 2.0.3 | |
gnupg | gnupg | 2.0.4 | |
gnupg | gnupg | 2.0.5 | |
gnupg | gnupg | 2.0.6 | |
gnupg | gnupg | 2.0.7 | |
gnupg | gnupg | 2.0.8 | |
gnupg | gnupg | 2.0.10 | |
gnupg | gnupg | 2.0.11 | |
gnupg | gnupg | 2.0.12 | |
gnupg | gnupg | 2.0.13 | |
gnupg | gnupg | 2.0.14 | |
gnupg | gnupg | 2.0.15 | |
gnupg | gnupg | 2.0.16 | |
gnupg | gnupg | 2.0.17 | |
gnupg | gnupg | 2.0.18 | |
gnupg | gnupg | 2.0.19 | |
gnupg | gnupg | 2.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "28374619-966D-4F38-B83E-A6296F27CC05", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "22A28CDF-F2AF-4D49-9FB1-AED34A758289", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "6399A22D-90DF-4CB5-9367-0C5242BD1A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "D63B0B4A-3998-4A4F-AD7A-BB8CEBE897B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "FDA6934A-3D02-4749-A147-BE538C0AF27F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "8B238CA5-3B4D-4D6A-92CA-39A7CD57AF40", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC6150E3-1D7C-44DA-BA57-35AB26F881B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3EB20A34-5E11-4D70-B3DE-66DD9863AE0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "CA47467D-3D96-46DB-B0AC-D28586829710", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "68B68F2F-0718-4C87-9629-4657DC49EECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "69D492F9-2064-488A-BD16-99DD865D2BF6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "47C64072-FC9C-4CA9-9752-3BC08839E319", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C14D838-595F-4D1C-88B9-073937316923", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBF8F2C7-574C-4768-ABAA-E3D9236299CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "113D566B-B596-4612-9D11-E238602A603E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4CFC52C5-1148-4AC6-AAA2-8343E0C2029E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E07E370B-4D2E-4EEC-A3EB-47AA9283278D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E3C52E7-454B-4FE9-9068-87ACB2925A5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "90B62D8E-3A37-4D7A-B674-06FFD80B86FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "59D27E52-B850-4BC0-B81A-A031BC50514B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A0035132-40B2-4C7E-B6E3-F70117F3FC3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B2D7B2D-CEBC-42BA-90E0-5C71BA39F5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "0626EEB2-39B3-4154-9F99-027057B33D1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "752E350F-E1EB-47CE-95E7-F990F4453BF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "F223B411-B9A6-49D4-A9BA-4FBF74B85A0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "0F9C4712-169A-4010-B143-98690803E5BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F4E76177-9B90-40F2-AB9D-7C7249DEC497", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A384E132-188E-40AC-84C9-D46A589EE766", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "27BE1F8C-EE11-4E9B-9745-037F3AC7CC63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:2.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "10427264-78E1-4FB1-A8EF-BDB0C9822DB5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey." }, { "lang": "es", "value": "GnuPG 1.4.x, 2.0.x y 2.1.x trata un subpaquete de flags clave con todos los bits a 0 (sin uso permitido) como si tuviera todos los bits establecidos (todo uso permitido) lo que permitir\u00eda a atacantes remotos evadir mecanismos de protecci\u00f3n criptogr\u00e1fica intencionada mediante el aprovechamiento de la subclave."
} ], "id": "CVE-2013-4351", "lastModified": "2024-11-21T01:55:24.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-10T00:55:15.023", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "source": "secalert@redhat.com", "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138" }, { "source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1987-1" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2773" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2774" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/09/13/4" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-1987-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/09/13/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-08 21:29
Modified
2024-11-21 03:44
Severity ?
Summary
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.6 | |
redhat | enterprise_linux_server_eus | 7.5 | |
redhat | enterprise_linux_server_eus | 7.6 | |
redhat | enterprise_linux_server_tus | 7.6 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
canonical | ubuntu_linux | 19.04 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
gnupg | gnupg | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": 
"B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCFABF1A-E57D-4323-9753-FE66CA95DEA9", "versionEndExcluding": "2.2.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes." 
}, { "lang": "es", "value": "mainproc.c en GnuPG en versiones anteriores a la 2.2.8 gestiona de manera incorrecta el nombre de archivo original durante las acciones de descifrado y verificaci\u00f3n, lo que permite que atacantes remotos suplanten la salida que GnuPG env\u00eda en el descriptor de archivo 2 a otros programas que emplean la opci\u00f3n \"--status-fd 2\". Por ejemplo, los datos OpenPGP podr\u00edan representar un nombre de archivo original que contiene caracteres de nueva l\u00ednea junto con los c\u00f3digos de estado GOODSIG o VALIDSIG." } ], "id": "CVE-2018-12020", "lastModified": "2024-11-21T03:44:25.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-08T21:29:00.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2018/06/08/2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Apr/38" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/104450" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1041051" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2180" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2181" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://dev.gnupg.org/T4012" }, { "source": "cve@mitre.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired" }, { "source": "cve@mitre.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3675-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3675-2/" }, { 
"source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3675-3/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3964-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4222" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4223" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2018/06/08/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Apr/38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/104450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1041051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2180" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://dev.gnupg.org/T4012" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3675-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3675-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3675-3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3964-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4224" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-706" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-20 19:15
Modified
2024-11-21 02:25
Severity ?
Summary
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "22C5DDBF-8A37-49CB-A732-E59DC79A5FD9", "versionEndExcluding": "2.1.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file." }, { "lang": "es", "value": "La base de datos de llavero en GnuPG versiones anteriores a la versi\u00f3n 2.1.2, no maneja apropiadamente los paquetes no v\u00e1lidos, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura no v\u00e1lida y uso de la memoria previamente liberada) por medio de un archivo de llavero especialmente dise\u00f1ado." 
} ], "id": "CVE-2015-1606", "lastModified": "2024-11-21T02:25:45.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-20T19:15:11.173", "references": [ { "source": "cve@mitre.org", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3184" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/13/14" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/14/6" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1031876" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/13/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/14/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1031876" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-03 18:15
Modified
2024-11-21 05:17
Severity ?
Summary
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) have an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:2.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "36CA3361-1B43-4A9B-A941-01D6EEEDCEEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "74C78597-A629-4D17-A788-2388854223FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gpg4win:gpg4win:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "4CF58960-B2B6-4A6A-8595-831786580911", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker\u0027s OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version." }, { "lang": "es", "value": "GnuPG versiones 2.2.21 y 2.2.22 (y Gpg4win versi\u00f3n 3.1.12), presenta un desbordamiento de la matriz, conllevando a un bloqueo o posiblemente otro impacto no especificado, cuando una v\u00edctima importa la clave OpenPGP de un atacante, y esta clave contiene preferencias AEAD.\u0026#xa0;El desbordamiento es causado por un error en el archivo g10/key-check.c.\u0026#xa0;NOTA: GnuPG versi\u00f3n 2.3.x, no est\u00e1 afectado.\u0026#xa0;GnuPG versi\u00f3n 2.2.23 es una versi\u00f3n corregida" } ], "id": "CVE-2020-25125", "lastModified": "2024-11-21T05:17:24.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, 
"obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-03T18:15:15.160", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/09/03/4" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/09/03/5" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://dev.gnupg.org/T5050" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/09/03/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/09/03/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": 
"https://bugzilla.opensuse.org/show_bug.cgi?id=1176034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://dev.gnupg.org/T5050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-24 01:55
Modified
2024-11-21 01:45
Severity ?
Summary
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | 1.4.0 | |
gnupg | gnupg | 1.4.2 | |
gnupg | gnupg | 1.4.3 | |
gnupg | gnupg | 1.4.4 | |
gnupg | gnupg | 1.4.5 | |
gnupg | gnupg | 1.4.8 | |
gnupg | gnupg | 1.4.10 | |
gnupg | gnupg | 1.4.11 | |
gnupg | gnupg | 1.4.12 | |
gnupg | gnupg | 2.0 | |
gnupg | gnupg | 2.0.1 | |
gnupg | gnupg | 2.0.3 | |
gnupg | gnupg | 2.0.4 | |
gnupg | gnupg | 2.0.5 | |
gnupg | gnupg | 2.0.6 | |
gnupg | gnupg | 2.0.7 | |
gnupg | gnupg | 2.0.8 | |
gnupg | gnupg | 2.0.10 | |
gnupg | gnupg | 2.0.11 | |
gnupg | gnupg | 2.0.12 | |
gnupg | gnupg | 2.0.13 | |
gnupg | gnupg | 2.0.14 | |
gnupg | gnupg | 2.0.15 | |
gnupg | gnupg | 2.0.16 | |
gnupg | gnupg | 2.0.17 | |
gnupg | gnupg | 2.0.18 | |
gnupg | gnupg | 2.0.19 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "28374619-966D-4F38-B83E-A6296F27CC05", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "22A28CDF-F2AF-4D49-9FB1-AED34A758289", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "6399A22D-90DF-4CB5-9367-0C5242BD1A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "D63B0B4A-3998-4A4F-AD7A-BB8CEBE897B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "FDA6934A-3D02-4749-A147-BE538C0AF27F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC6150E3-1D7C-44DA-BA57-35AB26F881B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3EB20A34-5E11-4D70-B3DE-66DD9863AE0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "CA47467D-3D96-46DB-B0AC-D28586829710", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "68B68F2F-0718-4C87-9629-4657DC49EECC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "47C64072-FC9C-4CA9-9752-3BC08839E319", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C14D838-595F-4D1C-88B9-073937316923", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBF8F2C7-574C-4768-ABAA-E3D9236299CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "113D566B-B596-4612-9D11-E238602A603E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4CFC52C5-1148-4AC6-AAA2-8343E0C2029E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E07E370B-4D2E-4EEC-A3EB-47AA9283278D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E3C52E7-454B-4FE9-9068-87ACB2925A5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "90B62D8E-3A37-4D7A-B674-06FFD80B86FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "59D27E52-B850-4BC0-B81A-A031BC50514B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A0035132-40B2-4C7E-B6E3-F70117F3FC3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B2D7B2D-CEBC-42BA-90E0-5C71BA39F5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "0626EEB2-39B3-4154-9F99-027057B33D1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "752E350F-E1EB-47CE-95E7-F990F4453BF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "F223B411-B9A6-49D4-A9BA-4FBF74B85A0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "0F9C4712-169A-4010-B143-98690803E5BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F4E76177-9B90-40F2-AB9D-7C7249DEC497", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A384E132-188E-40AC-84C9-D46A589EE766", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "27BE1F8C-EE11-4E9B-9745-037F3AC7CC63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } 
], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet." }, { "lang": "es", "value": "La funci\u00f3n \"read_block\" en g10/import.c en GnuPG v1.4.x anterior a v1.4.13 y v2.0.x a la v2.0.19, cuando se importa una clave, permite a atacantes remotos corromper la base de datos del anillo de claves publicas (ca\u00edda de la aplicaci\u00f3n) o causar una denegaci\u00f3n de servicio a trav\u00e9s de la modificaci\u00f3n de a longitud de campo de un paquete OpenPGP." } ], "id": "CVE-2012-6085", "lastModified": "2024-11-21T01:45:47.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-24T01:55:03.740", "references": [ { "source": "secalert@redhat.com", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "source": 
"secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:001" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/01/01/6" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57102" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1682-1" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://bugs.g10code.com/gnupg/issue1455" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891142" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/01/01/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1682-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugs.g10code.com/gnupg/issue1455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891142" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80990" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-12 15:15
Modified
2024-11-21 07:19
Severity ?
Summary
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:libksba:*:*:*:*:*:*:*:*", "matchCriteriaId": "05058020-26A0-4F46-9F30-F1CEF4AC330C", "versionEndExcluding": "1.6.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gpg4win:gpg4win:*:*:*:*:*:*:*:*", "matchCriteriaId": "FAB814C2-FA25-47AD-A418-2A47CC58CBE8", "versionEndExcluding": "4.1.0", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:vs-desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "63B1EC90-FBD7-48D7-8EE8-86D831CE94F6", "versionEndExcluding": "3.1.26", "versionStartIncluding": "3.1.16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:lts:*:*:*", "matchCriteriaId": "87E3E8C5-03AE-46A0-B0DA-4E9C3BFA3E44", "versionEndExcluding": "2.2.41", "versionStartIncluding": "2.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:-:*:*:*", "matchCriteriaId": "F52C07A1-3B7F-4A65-B03D-E8BDFF469B0C", "versionEndExcluding": "2.4.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment." }, { "lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en la librer\u00eda Libksba debido a un desbordamiento de enteros dentro del analizador CRL. 
La vulnerabilidad se puede explotar de forma remota para la ejecuci\u00f3n de c\u00f3digo en el sistema de destino pasando datos especialmente manipulados a la aplicaci\u00f3n, por ejemplo, un archivo adjunto S/MIME malicioso." } ], "id": "CVE-2022-3515", "lastModified": "2024-11-21T07:19:41.320", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-12T15:15:10.187", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2022-3515" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b" }, { "source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20230706-0008/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2022-3515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", 
"Patch", "Third Party Advisory" ], "url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230706-0008/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "secalert@redhat.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-28 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | 1.4.0 | |
gnupg | gnupg | 1.4.2 | |
gnupg | gnupg | 1.4.3 | |
gnupg | gnupg | 1.4.4 | |
gnupg | gnupg | 1.4.5 | |
gnupg | gnupg | 1.4.8 | |
gnupg | gnupg | 1.4.10 | |
gnupg | gnupg | 1.4.11 | |
gnupg | gnupg | 1.4.12 | |
gnupg | gnupg | 1.4.13 | |
gnupg | gnupg | 1.4.14 | |
gnupg | gnupg | 2.0 | |
gnupg | gnupg | 2.0.1 | |
gnupg | gnupg | 2.0.10 | |
gnupg | gnupg | 2.0.11 | |
gnupg | gnupg | 2.0.12 | |
gnupg | gnupg | 2.0.13 | |
gnupg | gnupg | 2.0.14 | |
gnupg | gnupg | 2.0.15 | |
gnupg | gnupg | 2.0.16 | |
gnupg | gnupg | 2.0.17 | |
gnupg | gnupg | 2.0.18 | |
gnupg | gnupg | 2.0.19 | |
gnupg | gnupg | 2.0.20 | |
gnupg | gnupg | 2.0.21 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 | |
canonical | ubuntu_linux | 13.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "28374619-966D-4F38-B83E-A6296F27CC05", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "22A28CDF-F2AF-4D49-9FB1-AED34A758289", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "6399A22D-90DF-4CB5-9367-0C5242BD1A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "D63B0B4A-3998-4A4F-AD7A-BB8CEBE897B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "FDA6934A-3D02-4749-A147-BE538C0AF27F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC6150E3-1D7C-44DA-BA57-35AB26F881B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3EB20A34-5E11-4D70-B3DE-66DD9863AE0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "CA47467D-3D96-46DB-B0AC-D28586829710", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "68B68F2F-0718-4C87-9629-4657DC49EECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "69D492F9-2064-488A-BD16-99DD865D2BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "B4929286-63C2-45D0-B0C7-E14438D82883", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "47C64072-FC9C-4CA9-9752-3BC08839E319", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C14D838-595F-4D1C-88B9-073937316923", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "59D27E52-B850-4BC0-B81A-A031BC50514B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A0035132-40B2-4C7E-B6E3-F70117F3FC3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B2D7B2D-CEBC-42BA-90E0-5C71BA39F5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "0626EEB2-39B3-4154-9F99-027057B33D1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "752E350F-E1EB-47CE-95E7-F990F4453BF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "F223B411-B9A6-49D4-A9BA-4FBF74B85A0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "0F9C4712-169A-4010-B143-98690803E5BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F4E76177-9B90-40F2-AB9D-7C7249DEC497", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A384E132-188E-40AC-84C9-D46A589EE766", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "27BE1F8C-EE11-4E9B-9745-037F3AC7CC63", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "1F9F104E-7631-4ACE-8C4A-A86E8A8286E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "E18FC24D-45ED-4E9D-A599-534D78CF60DD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message." }, { "lang": "es", "value": "El analizador de paquetes comprimido en GnuPG versiones 1.4.x anteriores a 1.4.15 y versiones 2.0.x anteriores a 2.0.22, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (recursi\u00f3n infinita) por medio de un mensaje OpenPGP dise\u00f1ado." } ], "id": "CVE-2013-4402", "lastModified": "2024-11-21T01:55:29.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-28T22:55:03.913", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html" }, { "source": 
"secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2773" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2774" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1987-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1987-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685" } ], 
"sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-12-20 21:55
Modified
2024-11-21 01:55
Severity ?
Summary
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of instructions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | * (through 1.4.15) | |
gnupg | gnupg | 1.0.0 | |
gnupg | gnupg | 1.0.1 | |
gnupg | gnupg | 1.0.2 | |
gnupg | gnupg | 1.0.3 | |
gnupg | gnupg | 1.0.4 | |
gnupg | gnupg | 1.0.4 | |
gnupg | gnupg | 1.0.5 | |
gnupg | gnupg | 1.0.5 | |
gnupg | gnupg | 1.0.6 | |
gnupg | gnupg | 1.0.7 | |
gnupg | gnupg | 1.2.0 | |
gnupg | gnupg | 1.2.1 | |
gnupg | gnupg | 1.2.1 | |
gnupg | gnupg | 1.2.2 | |
gnupg | gnupg | 1.2.3 | |
gnupg | gnupg | 1.2.4 | |
gnupg | gnupg | 1.2.5 | |
gnupg | gnupg | 1.2.6 | |
gnupg | gnupg | 1.2.7 | |
gnupg | gnupg | 1.3.0 | |
gnupg | gnupg | 1.3.1 | |
gnupg | gnupg | 1.3.2 | |
gnupg | gnupg | 1.3.3 | |
gnupg | gnupg | 1.3.4 | |
gnupg | gnupg | 1.3.6 | |
gnupg | gnupg | 1.3.90 | |
gnupg | gnupg | 1.3.91 | |
gnupg | gnupg | 1.3.92 | |
gnupg | gnupg | 1.3.93 | |
gnupg | gnupg | 1.4 | |
gnupg | gnupg | 1.4.0 | |
gnupg | gnupg | 1.4.2 | |
gnupg | gnupg | 1.4.3 | |
gnupg | gnupg | 1.4.4 | |
gnupg | gnupg | 1.4.5 | |
gnupg | gnupg | 1.4.6 | |
gnupg | gnupg | 1.4.8 | |
gnupg | gnupg | 1.4.10 | |
gnupg | gnupg | 1.4.11 | |
gnupg | gnupg | 1.4.12 | |
gnupg | gnupg | 1.4.13 | |
gnupg | gnupg | 1.4.14 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A287B57-D002-4A42-96F1-E1F701F9762C", "versionEndIncluding": "1.4.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6863306-F7B8-47D9-8FF9-4340FC6D718F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA95D254-1D85-4523-9DF2-8A07BF05573E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E24FB9C-1CA9-4A1B-8AF6-06B3C1865EF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D07D0653-4538-47D8-AB8F-0A23D65F0AE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "95E18355-65AF-4DB4-B6B2-431D7788FF23", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.4:-:win32:*:*:*:*:*", "matchCriteriaId": "0E61804F-21BA-4850-B859-D69C80F37FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "88C40692-FE9F-48D6-9AEB-5F35FA369980", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.5:-:win32:*:*:*:*:*", "matchCriteriaId": "585F51C8-2FDC-46CE-9F71-ED9EE2ADA472", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "18395DAB-24DA-4ABD-ABD8-38A49417B052", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6228E3FF-5EB4-4F46-9EA8-1B114947994D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "96DEF388-2B09-4212-8AF5-9FE54CCAFEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A798490-741B-4EB4-B1D9-353A181A7AA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.1:windows:*:*:*:*:*:*", "matchCriteriaId": 
"F781A379-57DF-4D1E-8B85-4FD637E4B967", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8466E9BD-5623-40EE-A604-0F29C3520B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E98B61C-7093-4251-B1D8-59B647C2DF6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F9FCAC0-08D1-4044-A506-4AC14BF381CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "545E4C50-229D-4B27-9DB2-9D1204451A9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "D50A16A8-9C96-47CB-B18B-AE79C754ABBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "08877372-B7DD-4543-84A8-C40D2BA100F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7135BE6C-E797-4C41-BCD5-161DC7561433", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E909F1D4-AFB1-43F3-9635-E318D64099B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB4AAE4C-3F59-46D3-A38E-CC5DFCBEC3DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "688CDCA9-2809-4C0E-9DBC-133F48D56BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "564B521B-3C7C-46CF-94E8-A368AF81DA54", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "FC04BFA0-C7B0-4F70-9676-8156C9CE18AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*", "matchCriteriaId": "9F43CE80-06BC-4448-9033-F2F88663C527", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*", "matchCriteriaId": 
"A7181202-BC32-4F1E-9EF8-F544CCDA1671", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*", "matchCriteriaId": "F55827F8-CC36-45DA-8F9E-1F520911EB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*", "matchCriteriaId": "CCEAA5DF-33D1-4D4A-BA01-4BC863DBC272", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "365FF476-1FFD-4E09-900C-50E0660766AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "28374619-966D-4F38-B83E-A6296F27CC05", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "22A28CDF-F2AF-4D49-9FB1-AED34A758289", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "6399A22D-90DF-4CB5-9367-0C5242BD1A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "D63B0B4A-3998-4A4F-AD7A-BB8CEBE897B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "FDA6934A-3D02-4749-A147-BE538C0AF27F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "8B238CA5-3B4D-4D6A-92CA-39A7CD57AF40", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC6150E3-1D7C-44DA-BA57-35AB26F881B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3EB20A34-5E11-4D70-B3DE-66DD9863AE0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "CA47467D-3D96-46DB-B0AC-D28586829710", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "68B68F2F-0718-4C87-9629-4657DC49EECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": 
"69D492F9-2064-488A-BD16-99DD865D2BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "B4929286-63C2-45D0-B0C7-E14438D82883", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE." }, { "lang": "es", "value": "GnuPG 1.x anteriores a 1.4.16 genera claves RSA utilizando secuencias de introducciones con ciertos patrones que introducen un ataque de canal lateral, lo cual permite a atacantes f\u00edsicamente pr\u00f3ximos extraer claves RSA a trav\u00e9s de un ataque de texto cifrado elegido y criptoan\u00e1lisis ac\u00fastico durante el descifrado. NOTA: normalmente no se espera de las aplicaciones que se protejan ante ataques laterales ac\u00fasticos, dado que esto es responsabilidad del dispositivo f\u00edsico. De esta manera, problemas de este tipo no recibir\u00e1n normalmente un identificador CVE. En cualquier caso, para este problema, el desarrollador a especificado una pol\u00edtica de seguridad en la cual GnuPG deber\u00eda ofrecer resistencia ante cnales laterales, y violaciones de pol\u00edticas de seguridad espec\u00edficas para los desarrolladores est\u00e1n dentro del \u00e1mbito de CVE." 
} ], "id": "CVE-2013-4576", "lastModified": "2024-11-21T01:55:51.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-12-20T21:55:06.930", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/101170" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0016.html" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/520" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/523" }, { "source": "secalert@redhat.com", "url": "http://www.cs.tau.ac.il/~tromer/acoustic/" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2821" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/64424" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1029513" }, { "source": "secalert@redhat.com", "url": "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2059-1" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/101170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q4/520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q4/523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cs.tau.ac.il/~tromer/acoustic/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2059-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-20 16:15
Modified
2024-11-21 04:27
Severity ?
Summary
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | * (before 2.2.18) | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
canonical | ubuntu_linux | 18.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7D8D63F-BCE0-446D-BC8D-56231FFAAF8D", "versionEndExcluding": "2.2.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18." }, { "lang": "es", "value": "Se detect\u00f3 un fallo en la manera en que podr\u00edan ser falsificadas las firmas de certificados usando colisiones encontradas en el algoritmo SHA-1. Un atacante podr\u00eda usar esta debilidad para crear firmas de certificados falsificadas. Este problema afecta a GnuPG versiones anteriores a 2.2.18." 
} ], "id": "CVE-2019-14855", "lastModified": "2024-11-21T04:27:30.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-20T16:15:14.680", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://dev.gnupg.org/T4755" }, { "source": "secalert@redhat.com", "tags": [ 
"Mailing List", "Release Notes", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://rwc.iacr.org/2020/slides/Leurent.pdf" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4516-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://dev.gnupg.org/T4755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Release Notes", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://rwc.iacr.org/2020/slides/Leurent.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4516-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-326" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-326" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-27 23:44
Modified
2024-11-21 00:44
Severity ?
Summary
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC6150E3-1D7C-44DA-BA57-35AB26F881B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "90B62D8E-3A37-4D7A-B674-06FFD80B86FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers \"memory corruption around deduplication of user IDs.\"" }, { "lang": "es", "value": "GnuPG (gpg) 1.4.8 y 2.0.8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de claves duplicadas manipuladas que son importadas de un servidor de claves, lo cual dispara \"corrupci\u00f3n de memoria en torno a la duplicaci\u00f3n de identificadores de usuario\".\r\n" } ], "id": "CVE-2008-1530", "lastModified": "2024-11-21T00:44:44.733", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-27T23:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/29568" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/advisories/ocert-2008-1.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28487" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1056/references" }, { "source": "cve@mitre.org", "url": "https://bugs.g10code.com/gnupg/issue894" }, { "source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=214990" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41547" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/advisories/ocert-2008-1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1056/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.g10code.com/gnupg/issue894" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=214990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41547" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue does not affect the versions of gnupg packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 or 5.", "lastModified": "2008-03-28T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-19 18:02
Modified
2024-11-21 00:12
Severity ?
Summary
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAF3B20C-DC28-43C9-BA6A-1909532CC96C", "versionEndIncluding": "1.9.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "6399A22D-90DF-4CB5-9367-0C5242BD1A2B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option." }, { "lang": "es", "value": "parse-packet.c en GnuPG (gpg) v1.4.3, v1.9.20 y versiones anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de gpg) y posiblemente sobrescribir la memoria a trav\u00e9s de un paquete de mensajes de gran longitud (con un ID de usuario demasiado largo), lo cual podr\u00eda llevar a un desbordamiento de enteros, tal y como se demuestra con la opci\u00f3n \u0027-no-armor\u0027." 
} ], "id": "CVE-2006-3082", "lastModified": "2024-11-21T00:12:46.750", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-19T18:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" }, { "source": "cve@mitre.org", "url": "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157\u0026r1=4141\u0026r2=4157" }, { "source": "cve@mitre.org", "url": "http://seclists.org/lists/fulldisclosure/2006/May/0774.html" }, { "source": "cve@mitre.org", "url": "http://seclists.org/lists/fulldisclosure/2006/May/0782.html" }, { "source": "cve@mitre.org", "url": "http://seclists.org/lists/fulldisclosure/2006/May/0789.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20783" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20801" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20811" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20829" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20881" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20899" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/20968" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21063" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21135" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21137" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21143" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21585" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016519" }, { "source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.457382" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1107" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1115" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:110" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_18_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html" }, { "source": "cve@mitre.org", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0571.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438751/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/18554" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2450" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27245" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/304-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157\u0026r1=4141\u0026r2=4157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/lists/fulldisclosure/2006/May/0774.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/lists/fulldisclosure/2006/May/0782.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/lists/fulldisclosure/2006/May/0789.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20783" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21063" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21585" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.457382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_18_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0571.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438751/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.securityfocus.com/bid/18554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27245" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/304-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-25 11:19
Modified
2024-11-21 02:10
Severity ?
Summary
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "47C64072-FC9C-4CA9-9752-3BC08839E319", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C14D838-595F-4D1C-88B9-073937316923", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBF8F2C7-574C-4768-ABAA-E3D9236299CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "113D566B-B596-4612-9D11-E238602A603E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4CFC52C5-1148-4AC6-AAA2-8343E0C2029E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E07E370B-4D2E-4EEC-A3EB-47AA9283278D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E3C52E7-454B-4FE9-9068-87ACB2925A5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "90B62D8E-3A37-4D7A-B674-06FFD80B86FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "59D27E52-B850-4BC0-B81A-A031BC50514B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A0035132-40B2-4C7E-B6E3-F70117F3FC3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B2D7B2D-CEBC-42BA-90E0-5C71BA39F5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "0626EEB2-39B3-4154-9F99-027057B33D1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "752E350F-E1EB-47CE-95E7-F990F4453BF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "F223B411-B9A6-49D4-A9BA-4FBF74B85A0C", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "0F9C4712-169A-4010-B143-98690803E5BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F4E76177-9B90-40F2-AB9D-7C7249DEC497", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A384E132-188E-40AC-84C9-D46A589EE766", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "27BE1F8C-EE11-4E9B-9745-037F3AC7CC63", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "1F9F104E-7631-4ACE-8C4A-A86E8A8286E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "E18FC24D-45ED-4E9D-A599-534D78CF60DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "C3C7586A-093A-4F39-893D-E3B5453213B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "036AAD1C-7A2C-44B6-BF5A-5034E2BD7632", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "79AE15B6-193D-4643-8F4D-D28530B0EE19", "versionEndIncluding": "1.4.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6863306-F7B8-47D9-8FF9-4340FC6D718F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA95D254-1D85-4523-9DF2-8A07BF05573E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E24FB9C-1CA9-4A1B-8AF6-06B3C1865EF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D07D0653-4538-47D8-AB8F-0A23D65F0AE0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "95E18355-65AF-4DB4-B6B2-431D7788FF23", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "88C40692-FE9F-48D6-9AEB-5F35FA369980", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "18395DAB-24DA-4ABD-ABD8-38A49417B052", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6228E3FF-5EB4-4F46-9EA8-1B114947994D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "96DEF388-2B09-4212-8AF5-9FE54CCAFEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A798490-741B-4EB4-B1D9-353A181A7AA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8466E9BD-5623-40EE-A604-0F29C3520B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E98B61C-7093-4251-B1D8-59B647C2DF6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F9FCAC0-08D1-4044-A506-4AC14BF381CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "545E4C50-229D-4B27-9DB2-9D1204451A9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "D50A16A8-9C96-47CB-B18B-AE79C754ABBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "08877372-B7DD-4543-84A8-C40D2BA100F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7135BE6C-E797-4C41-BCD5-161DC7561433", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E909F1D4-AFB1-43F3-9635-E318D64099B4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB4AAE4C-3F59-46D3-A38E-CC5DFCBEC3DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "688CDCA9-2809-4C0E-9DBC-133F48D56BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "564B521B-3C7C-46CF-94E8-A368AF81DA54", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "FC04BFA0-C7B0-4F70-9676-8156C9CE18AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*", "matchCriteriaId": "9F43CE80-06BC-4448-9033-F2F88663C527", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*", "matchCriteriaId": "A7181202-BC32-4F1E-9EF8-F544CCDA1671", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*", "matchCriteriaId": "F55827F8-CC36-45DA-8F9E-1F520911EB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*", "matchCriteriaId": "CCEAA5DF-33D1-4D4A-BA01-4BC863DBC272", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "28374619-966D-4F38-B83E-A6296F27CC05", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "22A28CDF-F2AF-4D49-9FB1-AED34A758289", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "6399A22D-90DF-4CB5-9367-0C5242BD1A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "D63B0B4A-3998-4A4F-AD7A-BB8CEBE897B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "FDA6934A-3D02-4749-A147-BE538C0AF27F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC6150E3-1D7C-44DA-BA57-35AB26F881B1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3EB20A34-5E11-4D70-B3DE-66DD9863AE0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "CA47467D-3D96-46DB-B0AC-D28586829710", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "68B68F2F-0718-4C87-9629-4657DC49EECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "69D492F9-2064-488A-BD16-99DD865D2BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "B4929286-63C2-45D0-B0C7-E14438D82883", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "173ACC42-C387-4506-AD11-0DBD13460101", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence." 
}, { "lang": "es", "value": "La funci\u00f3n do_uncompress en g10/compress.c en GnuPG 1.x anterior a 1.4.17 y 2.x anterior a 2.0.24 permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de paquetes comprimidos malformados, tal y como fue demostrado por una secuencia de bytes a3 01 5b ff." } ], "id": "CVE-2014-4617", "lastModified": "2024-11-21T02:10:34.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-06-25T11:19:22.637", "references": [ { "source": "cve@mitre.org", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342" }, { "source": "cve@mitre.org", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/59213" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/59351" }, { "source": "cve@mitre.org", "url": 
"http://secunia.com/advisories/59534" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/59578" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-2967" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-2968" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2258-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59578" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.debian.org/security/2014/dsa-2968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2258-1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-20 17:29
Modified
2024-11-21 03:40
Severity ?
Summary
GnuPG version 2.1.12 - 2.2.11 contains a Cross-Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, or DoS. The attack appears to be exploitable when the victim performs a WKD request, e.g. by entering an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed after commit 4a4bb874f63741026bd26264c43bb32b1099f060.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3853-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3853-1/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | * | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "02B5A599-7C8D-402E-AB51-943A58167742", "versionEndIncluding": "2.2.11", "versionStartIncluding": "2.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060." }, { "lang": "es", "value": "GnuPG, de la versi\u00f3n 2.1.12 a la 2.2.11, contiene una vulnerabilidad Cross-Site Request Forgery (CSRF) en dirmngr que puede resultar en CSRF controlado por el atacante, una divulgaci\u00f3n de informaci\u00f3n o una denegaci\u00f3n de servicio (DoS). El ataque parece ser explotable mediante una v\u00edctima que realice una petici\u00f3n WKD, por ejemplo, la introducci\u00f3n de una direcci\u00f3n de correo electr\u00f3nico en la ventana \"composer\" de Thunderbird/Enigmail. La vulnerabilidad parece haber sido solucionada tras el commit con ID 4a4bb874f63741026bd26264c43bb32b1099f060." 
} ], "id": "CVE-2018-1000858", "lastModified": "2024-11-21T03:40:30.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-20T17:29:00.457", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3853-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third 
Party Advisory" ], "url": "https://usn.ubuntu.com/3853-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-13 20:59
Modified
2024-11-21 02:55
Severity ?
Summary
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | libgcrypt | * | |
gnupg | libgcrypt | 1.6.0 | |
gnupg | libgcrypt | 1.6.1 | |
gnupg | libgcrypt | 1.6.2 | |
gnupg | libgcrypt | 1.6.3 | |
gnupg | libgcrypt | 1.6.4 | |
gnupg | libgcrypt | 1.6.5 | |
gnupg | libgcrypt | 1.7.0 | |
gnupg | libgcrypt | 1.7.1 | |
gnupg | libgcrypt | 1.7.2 | |
debian | debian_linux | 8.0 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
gnupg | gnupg | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B83822B-BC72-455D-A350-7DC9545E14A9", "versionEndIncluding": "1.5.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "3EC9966B-2C22-4DC5-BAFA-8BFFACF03048", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7D6A352-8F0D-4C4E-9D99-E47E63C2800C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "204BCDDC-1B38-4905-BD99-38E712FCB136", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "44EDEC6E-B053-4162-B5BF-45975B457E2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "84491FE3-2FF4-4953-B0AC-57C4F3BE409A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "2DA8E460-8258-46D7-875E-DC389652392A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "A52C9BAF-4EE6-4371-A0B7-0DB0CE429D64", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "68024F0D-19A3-4E20-B2A6-4E65278777F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A012DAB-3F4B-4236-9B6A-16B38B3F4ED9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD2DC7AC-70A6-433A-9104-2BF05CA1F02D", "versionEndIncluding": "1.4.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits." }, { "lang": "es", "value": "Las funciones de mezcla en el generador de n\u00fameros aleatorios en Libgcrypt en versiones anteriores a 1.5.6, 1.6.x en versiones anteriores a 1.6.6 y 1.7.x en versiones anteriores a 1.7.3 y GnuPG en versiones anteriores a 1.4.21 hacen m\u00e1s f\u00e1cil para atacantes obtener valores de 160 bits aprovechando el conocimiento de los 4640 bits previos." 
} ], "id": "CVE-2016-6313", "lastModified": "2024-11-21T02:55:53.120", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-13T20:59:04.267", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2674.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3649" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3650" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92527" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1036635" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3064-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3065-1" 
}, { "source": "secalert@redhat.com", "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201610-04" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201612-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2674.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92527" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3064-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3065-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201610-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201612-01" } ], "sourceIdentifier": "secalert@redhat.com", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-04 00:29
Modified
2024-11-21 04:15
Severity ?
Summary
GnuPG 2.2.4 and 2.2.5 do not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://dev.gnupg.org/T3844 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3675-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://dev.gnupg.org/T3844 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3675-1/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | 2.2.4 | |
gnupg | gnupg | 2.2.5 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
canonical | ubuntu_linux | 18.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "3E01720E-775D-4A63-9BC0-FF61549FBC1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "80550226-BF2F-45E4-8B51-8E6886AA58F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey." }, { "lang": "es", "value": "GnuPG 2.2.4 y 2.2.5 no aplica una configuraci\u00f3n en la que la certificaci\u00f3n de claves requiere una clave maestra Certify offline. Esto resulta en que certificados aparentemente v\u00e1lidos ocurran solo con acceso a una subclave de firma." 
} ], "id": "CVE-2018-9234", "lastModified": "2024-11-21T04:15:10.713", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-04T00:29:00.227", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://dev.gnupg.org/T3844" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3675-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://dev.gnupg.org/T3844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3675-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-320" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-29 17:15
Modified
2024-11-21 04:24
Summary
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
References
Impacted products
Vendor | Product | Version
---|---|---
gnupg | gnupg | * (through 2.2.16)
sks_keyserver_project | sks_keyserver | * (through 1.2.0)
fedoraproject | fedora | 29
fedoraproject | fedora | 30
opensuse | leap | 15.0
opensuse | leap | 15.1
f5 | traffix_signaling_delivery_controller | * (5.0.0 through 5.1.0)
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BE9A5D9-E6DA-4C10-B054-DCFA4B5A2FE0", "versionEndIncluding": "2.2.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB5F6B3A-38B8-4B82-A29A-B4F2609FC795", "versionEndIncluding": "1.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700", "versionEndIncluding": "5.1.0", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack." 
}, { "lang": "es", "value": "La interacci\u00f3n entre el c\u00f3digo sks-keyserver hasta versi\u00f3n 1.2.0 de la red SKS keyserver, y GnuPG hasta la versi\u00f3n 2.2.16, hace arriesgado tener una l\u00ednea de configuraci\u00f3n keyserver de GnuPG que se refiera a un host en la red SKS keyserver. La recuperaci\u00f3n de datos de esta red puede causar una denegaci\u00f3n de servicio persistente, debido a un Ataque de Spamming de Certificado." } ], "id": "CVE-2019-13050", "lastModified": "2024-11-21T04:24:06.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-29T17:15:08.627", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory" ], "url": "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f" }, { "source": 
"cve@mitre.org", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K08654551" }, { "source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://twitter.com/lambdafu/status/1147162583969009664" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory" ], "url": "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K08654551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://twitter.com/lambdafu/status/1147162583969009664" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-19 23:55
Modified
2024-11-21 01:55
Summary
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E452421-0CC6-4881-85CE-5FF790E15DEF", "versionEndIncluding": "1.4.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "5B63BBB3-F0A3-4532-9B9B-F0B0D4D27505", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "0C80D00C-A701-4427-9AF8-1EB9B489C809", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "BCE5E43F-D03A-4B24-AB9E-D3F58B4CBB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "18FC4CD4-AF40-4578-A002-CB581248C17B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "BACBFCFE-B342-4F0A-86DE-834D9F67C72F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnupg:gnupg:0.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "D961679E-B916-47EE-8E06-5B1900AA80DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AE91418D-A558-4352-8492-4061D1595E5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7649D9A0-5D17-40CB-ACCF-4E6D52E448D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "249C32C0-6C36-4CE4-93EC-70DBF4F81F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BBEF1CF5-A808-4D81-9249-6931C0FBFA0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "C752031B-9B93-4AD7-AA78-C1F6681355A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C06E3DEC-4E24-4A72-A673-7B7021F66AFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "02FE144C-7F47-4272-A382-4A3061FBE278", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BE3DA8C4-7498-4931-9DD6-A288F7B79C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A51DD2D8-0BE3-420B-9C6B-4AC995758235", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "46660CA2-1403-47C9-8295-4099609409E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A133DA9B-41D7-434D-A4EF-903FAA4553D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66FC455C-1F58-4C6C-B7DE-B18507A3F29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "545C62E1-89C8-440B-A472-63040465C9F6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnupg:gnupg:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "52469668-39AB-4953-AC80-15F47F5AAD0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "FFD2F511-F515-4733-8B3E-C0721E5D07A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "2468BF42-3D18-4D3C-97F6-427257E36BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A6B2A1B-E862-4429-918C-C412FDB6CC5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "C81CFDA3-6B39-4559-AA67-E006074E610E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "466E18ED-338E-42F2-AD4C-107138DB9454", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "5E211E1C-BC8B-463B-816F-E2AAEE02A70F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "46FC73F7-E75C-482E-9C44-F85B2B5A46F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "18FEB19C-810C-48FD-A10A-B4A11767CA79", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:0.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "9E2E96E1-9E1C-4F7E-9902-F2290B204CA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6863306-F7B8-47D9-8FF9-4340FC6D718F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA95D254-1D85-4523-9DF2-8A07BF05573E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E24FB9C-1CA9-4A1B-8AF6-06B3C1865EF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D07D0653-4538-47D8-AB8F-0A23D65F0AE0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "95E18355-65AF-4DB4-B6B2-431D7788FF23", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.4:-:win32:*:*:*:*:*", "matchCriteriaId": "0E61804F-21BA-4850-B859-D69C80F37FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "88C40692-FE9F-48D6-9AEB-5F35FA369980", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.5:-:win32:*:*:*:*:*", "matchCriteriaId": "585F51C8-2FDC-46CE-9F71-ED9EE2ADA472", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "18395DAB-24DA-4ABD-ABD8-38A49417B052", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6228E3FF-5EB4-4F46-9EA8-1B114947994D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "96DEF388-2B09-4212-8AF5-9FE54CCAFEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A798490-741B-4EB4-B1D9-353A181A7AA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.1:windows:*:*:*:*:*:*", "matchCriteriaId": "F781A379-57DF-4D1E-8B85-4FD637E4B967", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8466E9BD-5623-40EE-A604-0F29C3520B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E98B61C-7093-4251-B1D8-59B647C2DF6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F9FCAC0-08D1-4044-A506-4AC14BF381CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "545E4C50-229D-4B27-9DB2-9D1204451A9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "D50A16A8-9C96-47CB-B18B-AE79C754ABBC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "08877372-B7DD-4543-84A8-C40D2BA100F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7135BE6C-E797-4C41-BCD5-161DC7561433", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E909F1D4-AFB1-43F3-9635-E318D64099B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB4AAE4C-3F59-46D3-A38E-CC5DFCBEC3DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "688CDCA9-2809-4C0E-9DBC-133F48D56BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "564B521B-3C7C-46CF-94E8-A368AF81DA54", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "FC04BFA0-C7B0-4F70-9676-8156C9CE18AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*", "matchCriteriaId": "9F43CE80-06BC-4448-9033-F2F88663C527", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*", "matchCriteriaId": "A7181202-BC32-4F1E-9EF8-F544CCDA1671", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*", "matchCriteriaId": "F55827F8-CC36-45DA-8F9E-1F520911EB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*", "matchCriteriaId": "CCEAA5DF-33D1-4D4A-BA01-4BC863DBC272", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "28374619-966D-4F38-B83E-A6296F27CC05", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3EB20A34-5E11-4D70-B3DE-66DD9863AE0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "CA47467D-3D96-46DB-B0AC-D28586829710", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "68B68F2F-0718-4C87-9629-4657DC49EECC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C14D838-595F-4D1C-88B9-073937316923", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBF8F2C7-574C-4768-ABAA-E3D9236299CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "113D566B-B596-4612-9D11-E238602A603E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4CFC52C5-1148-4AC6-AAA2-8343E0C2029E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E07E370B-4D2E-4EEC-A3EB-47AA9283278D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E3C52E7-454B-4FE9-9068-87ACB2925A5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "90B62D8E-3A37-4D7A-B674-06FFD80B86FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "59D27E52-B850-4BC0-B81A-A031BC50514B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A0035132-40B2-4C7E-B6E3-F70117F3FC3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B2D7B2D-CEBC-42BA-90E0-5C71BA39F5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "0626EEB2-39B3-4154-9F99-027057B33D1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "752E350F-E1EB-47CE-95E7-F990F4453BF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": 
"F223B411-B9A6-49D4-A9BA-4FBF74B85A0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "0F9C4712-169A-4010-B143-98690803E5BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F4E76177-9B90-40F2-AB9D-7C7249DEC497", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A384E132-188E-40AC-84C9-D46A589EE766", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "27BE1F8C-EE11-4E9B-9745-037F3AC7CC63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7877BAA-8058-465F-AF8A-C1F4BFC84E04", "versionEndIncluding": "1.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE9E5CD-F6F8-4208-ACD2-5E2E88660A01", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "128317AB-E441-47E3-BE5C-86C0D9C267E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C7509E7-9DF3-42AC-A538-A1BE675253BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "FAFA68DC-FFA3-4538-8082-93588CCB44D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "5FEEF3D2-57D5-4E33-8856-B7A859ADD453", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "73E283C1-F1AE-4D29-A683-B5C5503133EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7AEF669-B7AA-425A-988A-9F858937EC76", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload." }, { "lang": "es", "value": "GnuPG anterior a 1.4.14, y Libgcrypt anterior a 1.5.3 usado en GnuPG 2.0.x y posiblemente otros productos, permite a usuarios locales obtener las claves RSA privadas a trav\u00e9s de un ataque \"side-channel\" que involucra la cach\u00e9 L3. Aka Flush+Reload." } ], "id": "CVE-2013-4242", "lastModified": "2024-11-21T01:55:11.987", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-19T23:55:09.010", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880" }, { "source": "secalert@redhat.com", "url": "http://eprint.iacr.org/2013/448" }, { "source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "secalert@redhat.com", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html" 
}, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1457.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54318" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54321" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54332" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54375" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2730" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2731" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/976534" }, { "source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/61464" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1923-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://eprint.iacr.org/2013/448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1457.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/976534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/61464" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1923-1" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-05 18:17
Modified
2024-11-21 01:16
Summary
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
References
Impacted products
Vendor | Product | Version
---|---|---
gnupg | gnupg | * (2.0.0 through 2.0.16)
fedoraproject | fedora | 13
debian | debian_linux | 5.0
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A6E093F-B054-46B5-92A3-B106E784F30E", "versionEndIncluding": "2.0.16", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature." }, { "lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n (use-after-free) en kbx/keybox-blob.c en GPGSM de GnuPG v2.x hasta v2.0.16 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del sistema) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un certificado con un gran n\u00famero de Subject Alternate Names, que no es manejado de forma adecuada en una operaci\u00f3n realloc cuando se importa el certificado o se verifica su firma." 
} ], "evaluatorImpact": "Per: http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html\n\n\u0027GnuPG 1.x is NOT affected because it does not come with the GPGSM\ntool.\u0027", "id": "CVE-2010-2547", "lastModified": "2024-11-21T01:16:52.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2010-08-05T18:17:57.243", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/38877" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/40718" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/40841" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2076" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/41945" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1024247" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1931" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1950" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1988" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/2217" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/3125" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://issues.rpath.com/browse/RPL-3229" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/38877" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/40718" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/40841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/41945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1024247" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/2217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/3125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://issues.rpath.com/browse/RPL-3229" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-01 22:15
Modified
2024-11-21 07:10
Severity ?
Summary
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | * | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
netapp | active_iq_unified_manager | - | |
netapp | ontap_select_deploy_administration_utility | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "C77138E7-B1F0-49F9-99D8-6ECAD3EE7E7F", "versionEndIncluding": "2.3.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\u0027s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line." 
}, { "lang": "es", "value": "GnuPG versiones hasta 2.3.6, en situaciones inusuales en las que un atacante posee cualquier informaci\u00f3n de clave secreta del llavero de la v\u00edctima y son cumplidos en otras restricciones (por ejemplo, el uso de GPGME), permite una falsificaci\u00f3n de firmas por medio de la inyecci\u00f3n en la l\u00ednea de estado" } ], "id": "CVE-2022-34903", "lastModified": "2024-11-21T07:10:24.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-01T22:15:08.120", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/02/1" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://bugs.debian.org/1014157" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://dev.gnupg.org/T6027" }, { 
"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220826-0005/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5174" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2022/06/30/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/02/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://bugs.debian.org/1014157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://dev.gnupg.org/T6027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220826-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2022/06/30/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-29 18:28
Modified
2024-11-21 00:22
Severity ?
Summary
Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "365FF476-1FFD-4E09-900C-50E0660766AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "47C64072-FC9C-4CA9-9752-3BC08839E319", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with \"C-escape\" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en la funci\u00f3n ask_outfile_name en el openfile.c para GnuPG (gpg) 1.4 y 2.0, cuando se est\u00e1 ejecutando interactivamente, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante mensajes con expansiones \"C-escape\", que provocan que la funci\u00f3n make_printable_string devuelva una cadena m\u00e1s larga de lo esperado mientras construye un aviso." 
} ], "id": "CVE-2006-6169", "lastModified": "2024-11-21T00:22:03.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-29T18:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc" }, { "source": "cve@mitre.org", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html" }, { "source": "cve@mitre.org", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23094" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23110" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23146" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23161" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23171" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23250" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23269" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23284" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23299" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23303" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23513" }, { "source": "cve@mitre.org", "url": 
"http://secunia.com/advisories/24047" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200612-03.xml" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1927" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017291" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1231" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:221" }, { "source": "cve@mitre.org", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452829/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/453253/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21306" }, { "source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2006/0068/" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-389-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-393-2" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4736" }, { "source": "cve@mitre.org", "url": "https://bugs.g10code.com/gnupg/issue728" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30550" }, { "source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-826" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200612-03.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1927" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.debian.org/security/2006/dsa-1231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/452829/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/453253/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2006/0068/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-389-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-393-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4736" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.g10code.com/gnupg/issue728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat does not consider this bug to be a security flaw. In order for this flaw to be exploited, a user would be required to enter shellcode into an interactive GnuPG session. 
Red Hat considers this to be an unlikely scenario.\n\nRed Hat Enterprise Linux 5 contains a backported patch to address this issue.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-27 19:15
Modified
2024-11-21 01:27
Severity ?
Summary
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DoS) via a specially crafted certificate.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | * | |
redhat | enterprise_linux | 6.0 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F4D2852-0390-46F5-BD33-BBF3EB8EABD6", "versionEndExcluding": "2.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate." }, { "lang": "es", "value": "dirmngr versiones anteriores a la versi\u00f3n 2.1.0, maneja inapropiadamente determinadas llamadas del sistema, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (DOS) por medio de un certificado especialmente dise\u00f1ado." 
} ], "id": "CVE-2011-2207", "lastModified": "2024-11-21T01:27:49.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-27T19:15:11.497", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2011-2207" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2207" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-2207" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2011/06/15/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2011-2207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-2207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2011/06/15/6" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-29 22:15
Modified
2024-11-21 02:08
Severity ?
Summary
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | * | |
gnupg | libgcrypt | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A7A4C18-6BE6-437E-81AD-C4AD73A78038", "versionEndExcluding": "1.4.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "matchCriteriaId": "840D7B26-0812-45F3-803A-B24F7D843364", "versionEndExcluding": "1.6.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server\u0027s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication." }, { "lang": "es", "value": "Libgcrypt versiones anteriores a 1.6.3 y GnuPG versiones anteriores a 1.4.19, no implementa un blinding de texto cifrado para el desencriptado de Elgamal, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos obtener la clave privada del servidor determinando factores que utilizan texto cifrado y las fluctuaciones en el campo electromagn\u00e9tico durante la multiplicaci\u00f3n." 
} ], "id": "CVE-2014-3591", "lastModified": "2024-11-21T02:08:27.843", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-29T22:15:11.703", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.cs.tau.ac.il/~tromer/radioexp/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3184" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3185" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.cs.tau.ac.il/~tromer/radioexp/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2022-34903
Vulnerability from cvelistv5
Published
2022-07-01 21:05
Modified
2024-08-03 09:22
Summary
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:22:10.754Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/06/30/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/1014157" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dev.gnupg.org/T6027" }, { "name": "[oss-security] 20220702 Re: GnuPG signature spoofing via status line injection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/02/1" }, { "name": "DSA-5174", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5174" }, { "name": "FEDORA-2022-aa14d396dd", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/" }, { "name": "FEDORA-2022-1124e5882d", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/" }, { "name": "FEDORA-2022-0dbfb7e270", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/" }, { "name": "FEDORA-2022-1747eea46c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220826-0005/" } ], "title": "CVE 
Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\u0027s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-26T14:06:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2022/06/30/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/1014157" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dev.gnupg.org/T6027" }, { "name": "[oss-security] 20220702 Re: GnuPG signature spoofing via status line injection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/02/1" }, { "name": "DSA-5174", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5174" }, { "name": "FEDORA-2022-aa14d396dd", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/" }, { "name": "FEDORA-2022-1124e5882d", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/" }, { "name": "FEDORA-2022-0dbfb7e270", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/" }, { "name": 
"FEDORA-2022-1747eea46c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220826-0005/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-34903", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\u0027s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2022/06/30/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/06/30/1" }, { "name": "https://bugs.debian.org/1014157", "refsource": "MISC", "url": "https://bugs.debian.org/1014157" }, { "name": "https://dev.gnupg.org/T6027", "refsource": "MISC", "url": "https://dev.gnupg.org/T6027" }, { "name": "[oss-security] 20220702 Re: GnuPG signature spoofing via status line injection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/07/02/1" }, { "name": "DSA-5174", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5174" }, { "name": "FEDORA-2022-aa14d396dd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/" }, { "name": "FEDORA-2022-1124e5882d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/" }, { "name": "FEDORA-2022-0dbfb7e270", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/" }, { "name": "FEDORA-2022-1747eea46c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/" }, { "name": "https://security.netapp.com/advisory/ntap-20220826-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220826-0005/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-34903", "datePublished": "2022-07-01T21:05:18", "dateReserved": "2022-07-01T00:00:00", "dateUpdated": 
"2024-08-03T09:22:10.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1530
Vulnerability from cvelistv5
Published
2008-03-27 23:00
Modified
2024-08-07 08:24
Summary
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
References
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2008/1056/references | vdb-entry, x_refsource_VUPEN | |
http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41547 | vdb-entry, x_refsource_XF | |
http://www.ocert.org/advisories/ocert-2008-1.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/28487 | vdb-entry, x_refsource_BID | |
https://bugs.g10code.com/gnupg/issue894 | x_refsource_CONFIRM | |
https://bugs.gentoo.org/show_bug.cgi?id=214990 | x_refsource_CONFIRM | |
http://secunia.com/advisories/29568 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:24:42.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2008-1056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1056/references" }, { "name": "[Announce] 20080326 GnuPG 1.4.9 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html" }, { "name": "gnupg-keys-code-execution(41547)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41547" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/advisories/ocert-2008-1.html" }, { "name": "28487", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28487" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.g10code.com/gnupg/issue894" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=214990" }, { "name": "29568", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29568" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-27T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers \"memory corruption around deduplication of user IDs.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", 
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2008-1056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1056/references" }, { "name": "[Announce] 20080326 GnuPG 1.4.9 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html" }, { "name": "gnupg-keys-code-execution(41547)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41547" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/advisories/ocert-2008-1.html" }, { "name": "28487", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28487" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.g10code.com/gnupg/issue894" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=214990" }, { "name": "29568", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29568" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1530", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers \"memory corruption around deduplication of user IDs.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2008-1056", "refsource": "VUPEN", 
"url": "http://www.vupen.com/english/advisories/2008/1056/references" }, { "name": "[Announce] 20080326 GnuPG 1.4.9 released", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html" }, { "name": "gnupg-keys-code-execution(41547)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41547" }, { "name": "http://www.ocert.org/advisories/ocert-2008-1.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2008-1.html" }, { "name": "28487", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28487" }, { "name": "https://bugs.g10code.com/gnupg/issue894", "refsource": "CONFIRM", "url": "https://bugs.g10code.com/gnupg/issue894" }, { "name": "https://bugs.gentoo.org/show_bug.cgi?id=214990", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=214990" }, { "name": "29568", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29568" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1530", "datePublished": "2008-03-27T23:00:00", "dateReserved": "2008-03-27T00:00:00", "dateUpdated": "2024-08-07T08:24:42.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1263
Vulnerability from cvelistv5
Published
2007-03-06 20:00
Modified
2024-08-07 12:50
Summary
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:35.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1111" }, { "name": "2007-0009", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2007/0009/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm" }, { "name": "FEDORA-2007-315", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/cms/node/2776" }, { "name": "24407", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24407" }, { "name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html" }, { "name": "24438", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24438" }, { "name": "FEDORA-2007-316", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/cms/node/2775" }, { "name": "24650", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24650" }, { "name": "oval:org.mitre.oval:def:10496", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496" }, { "name": "2353", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2353" }, { "name": "RHSA-2007:0107", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], 
"url": "http://www.redhat.com/support/errata/RHSA-2007-0107.html" }, { "name": "DSA-1266", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1266" }, { "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded" }, { "name": "24511", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24511" }, { "name": "USN-432-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-432-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/?action=item\u0026id=1687" }, { "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded" }, { "name": "24734", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24734" }, { "name": "24419", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24419" }, { "name": "24544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24544" }, { "name": "USN-432-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-432-2" }, { "name": "24420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24420" }, { "name": "24875", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24875" }, { "name": "20070301-01-P", "tags": [ 
"vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc" }, { "name": "24365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24365" }, { "name": "MDKSA-2007:059", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:059" }, { "name": "RHSA-2007:0106", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0106.html" }, { "name": "22757", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22757" }, { "name": "1017727", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017727" }, { "name": "SUSE-SA:2007:024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html" }, { "name": "ADV-2007-0835", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0835" }, { "name": "24489", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24489" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1111" }, { "name": "2007-0009", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2007/0009/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm" }, { "name": "FEDORA-2007-315", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/cms/node/2776" }, { "name": "24407", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24407" }, { "name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html" }, { "name": "24438", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24438" }, { "name": "FEDORA-2007-316", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/cms/node/2775" }, { "name": "24650", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24650" }, { "name": "oval:org.mitre.oval:def:10496", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496" }, { "name": "2353", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2353" }, { "name": "RHSA-2007:0107", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0107.html" }, { "name": "DSA-1266", "tags": [ "vendor-advisory", 
"x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1266" }, { "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded" }, { "name": "24511", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24511" }, { "name": "USN-432-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-432-1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/?action=item\u0026id=1687" }, { "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded" }, { "name": "24734", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24734" }, { "name": "24419", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24419" }, { "name": "24544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24544" }, { "name": "USN-432-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-432-2" }, { "name": "24420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24420" }, { "name": "24875", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24875" }, { "name": "20070301-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc" }, { "name": "24365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24365" }, { "name": "MDKSA-2007:059", "tags": [ "vendor-advisory", 
"x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:059" }, { "name": "RHSA-2007:0106", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0106.html" }, { "name": "22757", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22757" }, { "name": "1017727", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017727" }, { "name": "SUSE-SA:2007:024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html" }, { "name": "ADV-2007-0835", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0835" }, { "name": "24489", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24489" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1263", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://issues.rpath.com/browse/RPL-1111", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1111" }, { "name": "2007-0009", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0009/" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm" }, { "name": "FEDORA-2007-315", "refsource": "FEDORA", "url": "http://fedoranews.org/cms/node/2776" }, { "name": "24407", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24407" }, { "name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html" }, { "name": "24438", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24438" }, { "name": "FEDORA-2007-316", "refsource": "FEDORA", "url": "http://fedoranews.org/cms/node/2775" }, { "name": "24650", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24650" }, { "name": "oval:org.mitre.oval:def:10496", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496" }, { "name": "2353", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2353" }, { "name": "RHSA-2007:0107", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0107.html" }, { "name": "DSA-1266", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1266" }, { "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded" }, { "name": "24511", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24511" }, { 
"name": "USN-432-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-432-1" }, { "name": "http://www.coresecurity.com/?action=item\u0026id=1687", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item\u0026id=1687" }, { "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded" }, { "name": "24734", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24734" }, { "name": "24419", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24419" }, { "name": "24544", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24544" }, { "name": "USN-432-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-432-2" }, { "name": "24420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24420" }, { "name": "24875", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24875" }, { "name": "20070301-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc" }, { "name": "24365", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24365" }, { "name": "MDKSA-2007:059", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:059" }, { "name": "RHSA-2007:0106", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0106.html" }, { "name": "22757", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22757" }, { "name": "1017727", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017727" }, { "name": "SUSE-SA:2007:024", "refsource": "SUSE", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html" }, { "name": "ADV-2007-0835", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0835" }, { "name": "24489", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24489" } ] } } } 
}, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1263", "datePublished": "2007-03-06T20:00:00", "dateReserved": "2007-03-04T00:00:00", "dateUpdated": "2024-08-07T12:50:35.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4242
Vulnerability from cvelistv5
Published
2013-08-19 23:00
Modified
2024-08-06 16:38
Summary
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "DSA-2731", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2731" }, { "name": "54332", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54332" }, { "name": "54321", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54321" }, { "name": "54375", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54375" }, { "name": "openSUSE-SU-2013:1294", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html" }, { "name": "61464", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/61464" }, { "name": "USN-1923-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1923-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://eprint.iacr.org/2013/448" }, { "name": "[gnupg-announce] 20130725 [Announce] [security fix] GnuPG 1.4.14 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html" }, { "name": "VU#976534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/976534" }, { "name": "DSA-2730", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2730" }, { "name": 
"RHSA-2013:1457", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1457.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "54318", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54318" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "DSA-2731", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2731" }, { "name": "54332", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54332" }, { "name": "54321", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54321" }, { "name": "54375", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54375" }, { "name": "openSUSE-SU-2013:1294", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html" }, { "name": "61464", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/61464" }, { "name": "USN-1923-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1923-1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://eprint.iacr.org/2013/448" }, { "name": "[gnupg-announce] 20130725 [Announce] [security fix] GnuPG 1.4.14 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html" }, { "name": "VU#976534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/976534" }, { "name": "DSA-2730", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2730" }, { "name": "RHSA-2013:1457", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1457.html" }, { 
"tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "54318", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54318" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "DSA-2731", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2731" }, { "name": "54332", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54332" }, { "name": "54321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54321" }, { "name": "54375", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54375" }, { "name": "openSUSE-SU-2013:1294", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html" }, { "name": "61464", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61464" }, { "name": "USN-1923-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1923-1" }, { "name": "http://eprint.iacr.org/2013/448", "refsource": "MISC", "url": "http://eprint.iacr.org/2013/448" }, { "name": "[gnupg-announce] 20130725 [Announce] [security fix] GnuPG 1.4.14 released", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html" }, { "name": "VU#976534", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/976534" }, { "name": "DSA-2730", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2730" }, { "name": "RHSA-2013:1457", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1457.html" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": 
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "54318", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54318" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4242", "datePublished": "2013-08-19T23:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3591
Vulnerability from cvelistv5
Published
2019-11-29 21:02
Modified
2024-08-06 10:50
Summary
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
References
| URL | Tags |
|---|---|
| http://www.cs.tau.ac.il/~tromer/radioexp/ | x_refsource_MISC |
| https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html | x_refsource_MISC |
| https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html | x_refsource_MISC |
| http://www.debian.org/security/2015/dsa-3184 | x_refsource_MISC |
| http://www.debian.org/security/2015/dsa-3185 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:17.627Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cs.tau.ac.il/~tromer/radioexp/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3184" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3185" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Libgcrypt", "vendor": "GNU", "versions": [ { "status": "affected", "version": "before 1.6.3" } ] }, { "product": "GnuPG", "vendor": "GNU", "versions": [ { "status": "affected", "version": "before 1.4.19" } ] } ], "datePublic": "2012-05-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server\u0027s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-29T21:02:23", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.cs.tau.ac.il/~tromer/radioexp/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.debian.org/security/2015/dsa-3184" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.debian.org/security/2015/dsa-3185" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3591", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Libgcrypt", "version": { "version_data": [ { "version_value": "before 1.6.3" } ] } }, { "product_name": "GnuPG", "version": { "version_data": [ { "version_value": "before 1.4.19" } ] } } ] }, "vendor_name": "GNU" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server\u0027s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.cs.tau.ac.il/~tromer/radioexp/", "refsource": "MISC", "url": "http://www.cs.tau.ac.il/~tromer/radioexp/" }, { "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html" }, { "name": "http://www.debian.org/security/2015/dsa-3184", "refsource": "MISC", "url": "http://www.debian.org/security/2015/dsa-3184" }, { "name": "http://www.debian.org/security/2015/dsa-3185", "refsource": "MISC", "url": "http://www.debian.org/security/2015/dsa-3185" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3591", "datePublished": "2019-11-29T21:02:23", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9234
Vulnerability from cvelistv5
Published
2018-04-04 00:00
Modified
2024-08-05 07:17
Summary
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
References
| URL | Tags |
|---|---|
| https://dev.gnupg.org/T3844 | x_refsource_MISC |
| https://usn.ubuntu.com/3675-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.005Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dev.gnupg.org/T3844" }, { "name": "USN-3675-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3675-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-12T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://dev.gnupg.org/T3844" }, { "name": "USN-3675-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3675-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-9234", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://dev.gnupg.org/T3844", "refsource": "MISC", "url": "https://dev.gnupg.org/T3844" }, { "name": "USN-3675-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3675-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-9234", "datePublished": "2018-04-04T00:00:00", "dateReserved": "2018-04-03T00:00:00", "dateUpdated": "2024-08-05T07:17:52.005Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3082
Vulnerability from cvelistv5
Published
2006-06-19 18:00
Modified
2024-08-07 18:16
Summary
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:16:05.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20899" }, { "name": "oval:org.mitre.oval:def:10089", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089" }, { "name": "20968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20968" }, { "name": "20881", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20881" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157\u0026r1=4141\u0026r2=4157" }, { "name": "20060629 rPSA-2006-0120-1 gnupg", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438751/100/0/threaded" }, { "name": "20783", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20783" }, { "name": "DSA-1107", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1107" }, { "name": "20811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20811" }, { "name": "SUSE-SR:2006:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_18_sr.html" }, { "name": "20060531 RE: GnuPG fun", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/lists/fulldisclosure/2006/May/0782.html" }, { "name": "21063", "tags": 
[ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21063" }, { "name": "21135", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21135" }, { "name": "20829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20829" }, { "name": "ADV-2006-2450", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2450" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm" }, { "name": "20060601 Re: GnuPG fun", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/lists/fulldisclosure/2006/May/0789.html" }, { "name": "20801", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20801" }, { "name": "20060531 GnuPG fun", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/lists/fulldisclosure/2006/May/0774.html" }, { "name": "18554", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18554" }, { "name": "USN-304-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/304-1/" }, { "name": "SUSE-SR:2006:015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html" }, { "name": "RHSA-2006:0571", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0571.html" }, { "name": "MDKSA-2006:110", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:110" }, { "name": "DSA-1115", "tags": [ 
"vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1115" }, { "name": "OpenPKG-SA-2006.010", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html" }, { "name": "20060701-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" }, { "name": "21137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21137" }, { "name": "21143", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21143" }, { "name": "21585", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21585" }, { "name": "1016519", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016519" }, { "name": "SSA:2006-178-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.457382" }, { "name": "gnupg-parsepacket-bo(27245)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27245" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20899" }, { "name": "oval:org.mitre.oval:def:10089", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089" }, { "name": "20968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20968" }, { "name": "20881", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20881" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157\u0026r1=4141\u0026r2=4157" }, { "name": "20060629 rPSA-2006-0120-1 gnupg", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/438751/100/0/threaded" }, { "name": "20783", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20783" }, { "name": "DSA-1107", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1107" }, { "name": "20811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20811" }, { "name": "SUSE-SR:2006:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_18_sr.html" }, { "name": "20060531 RE: GnuPG fun", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/lists/fulldisclosure/2006/May/0782.html" }, { "name": "21063", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21063" }, { "name": 
"21135", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21135" }, { "name": "20829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20829" }, { "name": "ADV-2006-2450", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2450" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm" }, { "name": "20060601 Re: GnuPG fun", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/lists/fulldisclosure/2006/May/0789.html" }, { "name": "20801", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20801" }, { "name": "20060531 GnuPG fun", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/lists/fulldisclosure/2006/May/0774.html" }, { "name": "18554", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18554" }, { "name": "USN-304-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/304-1/" }, { "name": "SUSE-SR:2006:015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html" }, { "name": "RHSA-2006:0571", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0571.html" }, { "name": "MDKSA-2006:110", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:110" }, { "name": "DSA-1115", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1115" }, { "name": "OpenPKG-SA-2006.010", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html" }, { "name": "20060701-01-U", "tags": [ "vendor-advisory", 
"x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" }, { "name": "21137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21137" }, { "name": "21143", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21143" }, { "name": "21585", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21585" }, { "name": "1016519", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016519" }, { "name": "SSA:2006-178-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.457382" }, { "name": "gnupg-parsepacket-bo(27245)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27245" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3082", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20899", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20899" }, { "name": "oval:org.mitre.oval:def:10089", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089" }, { "name": "20968", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20968" }, { "name": "20881", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20881" }, { "name": "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157\u0026r1=4141\u0026r2=4157", "refsource": "CONFIRM", "url": "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157\u0026r1=4141\u0026r2=4157" }, { "name": "20060629 rPSA-2006-0120-1 gnupg", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438751/100/0/threaded" }, { "name": "20783", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20783" }, { "name": "DSA-1107", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1107" }, { "name": "20811", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20811" }, { "name": "SUSE-SR:2006:018", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_18_sr.html" }, { "name": "20060531 RE: GnuPG fun", "refsource": "FULLDISC", "url": "http://seclists.org/lists/fulldisclosure/2006/May/0782.html" }, { "name": "21063", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21063" }, { "name": "21135", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21135" }, { "name": "20829", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20829" }, { "name": "ADV-2006-2450", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2450" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm", "refsource": 
"CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm" }, { "name": "20060601 Re: GnuPG fun", "refsource": "FULLDISC", "url": "http://seclists.org/lists/fulldisclosure/2006/May/0789.html" }, { "name": "20801", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20801" }, { "name": "20060531 GnuPG fun", "refsource": "FULLDISC", "url": "http://seclists.org/lists/fulldisclosure/2006/May/0774.html" }, { "name": "18554", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18554" }, { "name": "USN-304-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/304-1/" }, { "name": "SUSE-SR:2006:015", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html" }, { "name": "RHSA-2006:0571", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0571.html" }, { "name": "MDKSA-2006:110", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:110" }, { "name": "DSA-1115", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1115" }, { "name": "OpenPKG-SA-2006.010", "refsource": "OPENPKG", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html" }, { "name": "20060701-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" }, { "name": "21137", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21137" }, { "name": "21143", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21143" }, { "name": "21585", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21585" }, { "name": "1016519", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016519" }, { "name": "SSA:2006-178-02", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.457382" }, { "name": "gnupg-parsepacket-bo(27245)", "refsource": "XF", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27245" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3082", "datePublished": "2006-06-19T18:00:00", "dateReserved": "2006-06-19T00:00:00", "dateUpdated": "2024-08-07T18:16:05.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1607
Vulnerability from cvelistv5
Published
2019-11-20 18:30
Modified
2024-08-06 04:47
Summary
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
References
| URL | Tags |
|---|---|
| https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html | x_refsource_MISC |
| https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2015/02/13/14 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2015/02/14/6 | x_refsource_MISC |
| https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html | x_refsource_MISC |
| https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html | x_refsource_MISC |
| http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392 | x_refsource_MISC |
| http://www.ubuntu.com/usn/usn-2554-1/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/72610 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:47:17.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/13/14" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/14/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-2554-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/72610" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-11T00:00:00", "descriptions": [ { "lang": "en", "value": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and \"memcpy with overlapping ranges.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", 
"type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-20T18:30:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/13/14" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/14/6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ubuntu.com/usn/usn-2554-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/72610" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1607", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and \"memcpy with overlapping ranges.\"" } ] }, "problemtype": { 
"problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", "refsource": "MISC", "url": "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html" }, { "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "name": "http://www.openwall.com/lists/oss-security/2015/02/13/14", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2015/02/13/14" }, { "name": "http://www.openwall.com/lists/oss-security/2015/02/14/6", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2015/02/14/6" }, { "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html" }, { "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html" }, { "name": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392", "refsource": "MISC", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392" }, { "name": "http://www.ubuntu.com/usn/usn-2554-1/", "refsource": "MISC", "url": "http://www.ubuntu.com/usn/usn-2554-1/" }, { "name": "http://www.securityfocus.com/bid/72610", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/72610" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1607", "datePublished": "2019-11-20T18:30:54", "dateReserved": "2015-02-14T00:00:00", "dateUpdated": 
"2024-08-06T04:47:17.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6313
Vulnerability from cvelistv5
Published
2016-12-13 20:00
Modified
2024-08-06 01:29
Summary
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
References
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2016/dsa-3650 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201612-01 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-3064-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.debian.org/security/2016/dsa-3649 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201610-04 | vendor-advisory, x_refsource_GENTOO | |
http://www.securitytracker.com/id/1036635 | vdb-entry, x_refsource_SECTRACK | |
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html | mailing-list, x_refsource_MLIST | |
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2016-2674.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/92527 | vdb-entry, x_refsource_BID | |
http://www.ubuntu.com/usn/USN-3065-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:18.219Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3650", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3650" }, { "name": "GLSA-201612-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201612-01" }, { "name": "USN-3064-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3064-1" }, { "name": "DSA-3649", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3649" }, { "name": "GLSA-201610-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201610-04" }, { "name": "1036635", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036635" }, { "name": "[gnupg-announce] 20160817 [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS" }, { "name": "RHSA-2016:2674", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2674.html" }, { "name": "92527", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92527" }, { "name": "USN-3065-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3065-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": 
"n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-3650", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3650" }, { "name": "GLSA-201612-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201612-01" }, { "name": "USN-3064-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3064-1" }, { "name": "DSA-3649", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3649" }, { "name": "GLSA-201610-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201610-04" }, { "name": "1036635", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036635" }, { "name": "[gnupg-announce] 20160817 [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS" }, { "name": "RHSA-2016:2674", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2674.html" }, { "name": "92527", "tags": [ 
"vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92527" }, { "name": "USN-3065-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3065-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3650", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3650" }, { "name": "GLSA-201612-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-01" }, { "name": "USN-3064-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3064-1" }, { "name": "DSA-3649", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3649" }, { "name": "GLSA-201610-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-04" }, { "name": "1036635", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036635" }, { "name": "[gnupg-announce] 20160817 [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]", "refsource": "MLIST", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html" }, { "name": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob_plain;f=NEWS", "refsource": 
"CONFIRM", "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob_plain;f=NEWS" }, { "name": "RHSA-2016:2674", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2674.html" }, { "name": "92527", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92527" }, { "name": "USN-3065-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3065-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-6313", "datePublished": "2016-12-13T20:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:18.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14855
Vulnerability from cvelistv5
Published
2020-03-20 00:00
Modified
2024-08-05 00:26
Severity: MEDIUM (CVSS 3.0 base score 5.3, vector CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
Summary
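A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. (The structured "affected" entry in the record below lists version 2.2.18 itself, which does not match "before 2.2.18"; confirm the fixed version against the linked GnuPG announcement before relying on either value.)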
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:26:39.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-4516-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/4516-1/" }, { "tags": [ "x_transferred" ], "url": "https://rwc.iacr.org/2020/slides/Leurent.pdf" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855" }, { "tags": [ "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html" }, { "tags": [ "x_transferred" ], "url": "https://dev.gnupg.org/T4755" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gnupg2", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "2.2.18" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-326", "description": "CWE-326", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-07T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-4516-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/4516-1/" }, { "url": "https://rwc.iacr.org/2020/slides/Leurent.pdf" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855" }, { "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html" }, { "url": "https://dev.gnupg.org/T4755" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-14855", "datePublished": "2020-03-20T00:00:00", "dateReserved": "2019-08-10T00:00:00", "dateUpdated": "2024-08-05T00:26:39.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3219
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-08-03 01:00
Summary
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.537Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://dev.gnupg.org/D556" }, { "tags": [ "x_transferred" ], "url": "https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-3219" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010" }, { "tags": [ "x_transferred" ], "url": "https://dev.gnupg.org/T5993" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230324-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gnupg", "vendor": "n/a", "versions": [ { "status": "affected", "version": "gnupg2" } ] } ], "descriptions": [ { "lang": "en", "value": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB." 
} ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-24T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://dev.gnupg.org/D556" }, { "url": "https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4" }, { "url": "https://access.redhat.com/security/cve/CVE-2022-3219" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010" }, { "url": "https://dev.gnupg.org/T5993" }, { "url": "https://security.netapp.com/advisory/ntap-20230324-0001/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3219", "datePublished": "2023-02-23T00:00:00", "dateReserved": "2022-09-15T00:00:00", "dateUpdated": "2024-08-03T01:00:10.537Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9087
Vulnerability from cvelistv5
Published
2014-12-01 15:00
Modified
2024-08-06 13:33
Summary
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
References
▼ | URL | Tags |
---|---|---|
https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html | x_refsource_MISC | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:151 | vendor-advisory, x_refsource_MANDRIVA | |
http://secunia.com/advisories/60233 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2014/dsa-3078 | vendor-advisory, x_refsource_DEBIAN | |
http://advisories.mageia.org/MGASA-2014-0498.html | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2014:234 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.securityfocus.com/bid/71285 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/60073 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/60189 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html | mailing-list, x_refsource_MLIST | |
http://www.ubuntu.com/usn/USN-2427-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:33:13.454Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html" }, { "name": "MDVSA-2015:151", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:151" }, { "name": "60233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60233" }, { "name": "DSA-3078", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3078" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0498.html" }, { "name": "MDVSA-2014:234", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:234" }, { "name": "71285", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71285" }, { "name": "60073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60073" }, { "name": "60189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60189" }, { "name": "[gnupg-announce] 20141125 [Announce] [security fix] Libksba 1.3.2 for GnuPG released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html" }, { "name": "USN-2427-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2427-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": 
"n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-28T13:57:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html" }, { "name": "MDVSA-2015:151", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:151" }, { "name": "60233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60233" }, { "name": "DSA-3078", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3078" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0498.html" }, { "name": "MDVSA-2014:234", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:234" }, { "name": "71285", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71285" }, { "name": "60073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60073" }, { "name": "60189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60189" }, { "name": "[gnupg-announce] 20141125 [Announce] [security fix] Libksba 1.3.2 for GnuPG released", "tags": [ 
"mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html" }, { "name": "USN-2427-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2427-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-9087", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html", "refsource": "MISC", "url": "https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html" }, { "name": "MDVSA-2015:151", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:151" }, { "name": "60233", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60233" }, { "name": "DSA-3078", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3078" }, { "name": "http://advisories.mageia.org/MGASA-2014-0498.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0498.html" }, { "name": "MDVSA-2014:234", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:234" }, { "name": "71285", 
"refsource": "BID", "url": "http://www.securityfocus.com/bid/71285" }, { "name": "60073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60073" }, { "name": "60189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60189" }, { "name": "[gnupg-announce] 20141125 [Announce] [security fix] Libksba 1.3.2 for GnuPG released", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html" }, { "name": "USN-2427-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2427-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-9087", "datePublished": "2014-12-01T15:00:00", "dateReserved": "2014-11-26T00:00:00", "dateUpdated": "2024-08-06T13:33:13.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-4617
Vulnerability from cvelistv5
Published
2014-06-25 10:00
Modified
2024-08-06 11:20
Summary
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:20:26.664Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "59351", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59351" }, { "name": "59578", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59578" }, { "name": "[gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html" }, { "name": "DSA-2967", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2967" }, { "name": "openSUSE-SU-2014:0866", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342" }, { "name": "USN-2258-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2258-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "name": "DSA-2968", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2968" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a" }, { "name": "59534", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59534" }, { "name": "59213", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59213" }, { "name": "[gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-27T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "59351", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59351" }, { "name": "59578", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59578" }, { "name": "[gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html" }, { "name": "DSA-2967", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2967" }, { "name": "openSUSE-SU-2014:0866", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342" }, { "name": "USN-2258-1", 
"tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2258-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "name": "DSA-2968", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2968" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a" }, { "name": "59534", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59534" }, { "name": "59213", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59213" }, { "name": "[gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4617", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "59351", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59351" }, { "name": "59578", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59578" }, { "name": "[gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html" }, { "name": "DSA-2967", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2967" }, { "name": "openSUSE-SU-2014:0866", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html" }, { "name": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342", "refsource": "CONFIRM", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342" }, { "name": "USN-2258-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2258-1" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "name": "DSA-2968", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2968" }, { "name": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a", "refsource": "CONFIRM", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a" }, { "name": "59534", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59534" }, { "name": "59213", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59213" }, { "name": "[gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released", "refsource": "MLIST", "url": 
"http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4617", "datePublished": "2014-06-25T10:00:00", "dateReserved": "2014-06-24T00:00:00", "dateUpdated": "2024-08-06T11:20:26.664Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1606
Vulnerability from cvelistv5
Published
2019-11-20 18:30
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
References
▼ | URL | Tags |
---|---|---|
https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html | x_refsource_MISC | |
http://www.debian.org/security/2015/dsa-3184 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2015/02/13/14 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2015/02/14/6 | x_refsource_MISC | |
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648 | x_refsource_MISC | |
http://www.securitytracker.com/id/1031876 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:47:17.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3184" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/13/14" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/14/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031876" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-20T18:30:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.debian.org/security/2015/dsa-3184" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/13/14" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/14/6" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securitytracker.com/id/1031876" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1606", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", "refsource": "MISC", "url": "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html" }, { "name": "http://www.debian.org/security/2015/dsa-3184", "refsource": "MISC", "url": "http://www.debian.org/security/2015/dsa-3184" }, { "name": "http://www.openwall.com/lists/oss-security/2015/02/13/14", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2015/02/13/14" }, { "name": "http://www.openwall.com/lists/oss-security/2015/02/14/6", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2015/02/14/6" }, { "name": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", "refsource": "MISC", "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648" }, { "name": "http://www.securitytracker.com/id/1031876", "refsource": "MISC", "url": "http://www.securitytracker.com/id/1031876" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1606", "datePublished": "2019-11-20T18:30:47", "dateReserved": "2015-02-14T00:00:00", "dateUpdated": "2024-08-06T04:47:17.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3515
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610" }, { "tags": [ "x_transferred" ], "url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html" }, { "tags": [ "x_transferred" ], "url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-3515" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230706-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libksba", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in libksba v1.6.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 - Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-06T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610" }, { "url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html" }, { "url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b" }, { "url": "https://access.redhat.com/security/cve/CVE-2022-3515" }, { "url": "https://security.netapp.com/advisory/ntap-20230706-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3515", "datePublished": "2023-01-12T00:00:00", "dateReserved": "2022-10-14T00:00:00", "dateUpdated": "2024-08-03T01:14:02.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4402
Vulnerability from cvelistv5
Published
2013-10-28 22:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1015685 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html | vendor-advisory, x_refsource_SUSE | |
http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html | mailing-list, x_refsource_MLIST | |
http://www.ubuntu.com/usn/USN-1987-1 | vendor-advisory, x_refsource_UBUNTU | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433 | x_refsource_CONFIRM | |
http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2013/dsa-2773 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html | vendor-advisory, x_refsource_SUSE | |
http://rhn.redhat.com/errata/RHSA-2013-1459.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2013/dsa-2774 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:14.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685" }, { "name": "openSUSE-SU-2013:1546", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html" }, { "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 1.4.15 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html" }, { "name": "USN-1987-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1987-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433" }, { "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 2.0.22 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html" }, { "name": "DSA-2773", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2773" }, { "name": "openSUSE-SU-2013:1552", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html" }, { "name": "RHSA-2013:1459", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "name": "DSA-2774", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2774" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" 
} ] } ], "datePublic": "2013-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-02T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685" }, { "name": "openSUSE-SU-2013:1546", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html" }, { "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 1.4.15 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html" }, { "name": "USN-1987-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1987-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433" }, { "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 2.0.22 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html" }, { "name": "DSA-2773", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2773" }, { "name": "openSUSE-SU-2013:1552", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html" }, { "name": "RHSA-2013:1459", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "name": "DSA-2774", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": 
"http://www.debian.org/security/2013/dsa-2774" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4402", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685" }, { "name": "openSUSE-SU-2013:1546", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html" }, { "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 1.4.15 released", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html" }, { "name": "USN-1987-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1987-1" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433" }, { "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 2.0.22 released", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html" }, { "name": "DSA-2773", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2773" }, { "name": "openSUSE-SU-2013:1552", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html" }, { "name": 
"RHSA-2013:1459", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "name": "DSA-2774", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2774" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4402", "datePublished": "2013-10-28T22:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1000858
Vulnerability from cvelistv5
Published
2018-12-20 16:00
Modified
2024-08-05 12:47
Severity ?
EPSS score ?
Summary
GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, and DoS. The attack appears to be exploitable when the victim performs a WKD request, e.g. by entering an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed after commit 4a4bb874f63741026bd26264c43bb32b1099f060.
References
▼ | URL | Tags |
---|---|---|
https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html | x_refsource_MISC | |
https://usn.ubuntu.com/3853-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:47:57.303Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html" }, { "name": "USN-3853-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3853-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-11T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html" }, { "name": "USN-3853-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3853-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-1000858", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html", "refsource": "MISC", "url": "https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html" }, { "name": "USN-3853-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3853-1/" }, { "name": "https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html", "refsource": "MISC", "url": "https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000858", "datePublished": "2018-12-20T16:00:00", "dateReserved": "2018-12-20T00:00:00", "dateUpdated": "2024-08-05T12:47:57.303Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6085
Vulnerability from cvelistv5
Published
2013-01-24 01:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=891142 | x_refsource_MISC | |
https://bugs.g10code.com/gnupg/issue1455 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/57102 | vdb-entry, x_refsource_BID | |
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html | vendor-advisory, x_refsource_FEDORA | |
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/01/01/6 | mailing-list, x_refsource_MLIST | |
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html | vendor-advisory, x_refsource_FEDORA | |
http://rhn.redhat.com/errata/RHSA-2013-1459.html | vendor-advisory, x_refsource_REDHAT | |
http://www.ubuntu.com/usn/USN-1682-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:001 | vendor-advisory, x_refsource_MANDRIVA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80990 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:21:28.395Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891142" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.g10code.com/gnupg/issue1455" }, { "name": "57102", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57102" }, { "name": "FEDORA-2013-0377", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67" }, { "name": "[oss-security] 20130101 Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/01/6" }, { "name": "FEDORA-2013-0148", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html" }, { "name": "RHSA-2013:1459", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "name": "USN-1682-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1682-1" }, { "name": "MDVSA-2013:001", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:001" }, { "name": "gnupg-public-keys-code-exec(80990)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/80990" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891142" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.g10code.com/gnupg/issue1455" }, { "name": "57102", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57102" }, { "name": "FEDORA-2013-0377", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67" }, { "name": "[oss-security] 20130101 Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/01/6" }, { "name": "FEDORA-2013-0148", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html" }, { "name": "RHSA-2013:1459", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "name": "USN-1682-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1682-1" }, { "name": "MDVSA-2013:001", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:001" }, { "name": "gnupg-public-keys-code-exec(80990)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80990" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6085", "datePublished": "2013-01-24T01:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:21:28.395Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13050
Vulnerability from cvelistv5
Published
2019-06-29 16:07
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:09.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://twitter.com/lambdafu/status/1147162583969009664" }, { "name": "FEDORA-2019-2f259a6c0a", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/" }, { "name": "FEDORA-2019-28a3675529", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/" }, { "name": "openSUSE-SU-2019:1917", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K08654551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to 
CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-29T14:07:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://twitter.com/lambdafu/status/1147162583969009664" }, { "name": "FEDORA-2019-2f259a6c0a", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/" }, { "name": "FEDORA-2019-28a3675529", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/" }, { "name": "openSUSE-SU-2019:1917", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K08654551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13050", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", "refsource": "MISC", "url": "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f" }, { "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", "refsource": "CONFIRM", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html" }, { "name": "https://twitter.com/lambdafu/status/1147162583969009664", "refsource": "MISC", "url": "https://twitter.com/lambdafu/status/1147162583969009664" }, { "name": "FEDORA-2019-2f259a6c0a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/" }, { "name": "FEDORA-2019-28a3675529", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/" }, { "name": "openSUSE-SU-2019:1917", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html" }, { "name": "https://support.f5.com/csp/article/K08654551", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K08654551" }, { "name": "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade 
image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13050", "datePublished": "2019-06-29T16:07:13", "dateReserved": "2019-06-29T00:00:00", "dateUpdated": "2024-08-04T23:41:09.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3746
Vulnerability from cvelistv5
Published
2006-07-28 21:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:54.003Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060801-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" }, { "name": "21329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21329" }, { "name": "RHSA-2006:0615", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0615.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204%3Bmsg=15%3Batt=1" }, { "name": "21297", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21297" }, { "name": "ADV-2006-3123", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3123" }, { "name": "SUSE-SR:2006:020", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html" }, { "name": "oval:org.mitre.oval:def:11347", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11347" }, { "name": "21300", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21300" }, { "name": "21326", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21326" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://issues.rpath.com/browse/RPL-560" }, { "name": "21598", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" 
], "url": "http://secunia.com/advisories/21598" }, { "name": "gnupg-parsecomment-bo(28220)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28220" }, { "name": "21467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21467" }, { "name": "DSA-1140", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1140" }, { "name": "19110", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19110" }, { "name": "21351", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21351" }, { "name": "21522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21522" }, { "name": "21333", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21333" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502" }, { "name": "[Gnupg-devel] 20060725 Re: [Dailydave] GnuPG 1.4.4 fun", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.gossamer-threads.com/lists/gnupg/devel/37623" }, { "name": "MDKSA-2006:141", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:141" }, { "name": "[Dailydave] 20060721 GnuPG 1.4.4 fun", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html" }, { "name": "USN-332-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], 
"url": "http://www.ubuntu.com/usn/usn-332-1" }, { "name": "21378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21378" }, { "name": "1016622", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016622" }, { "name": "27664", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27664" }, { "name": "21346", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21346" }, { "name": "20060808 ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/442621/100/100/threaded" }, { "name": "GLSA-200608-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200608-08.xml" }, { "name": "DSA-1141", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1141" }, { "name": "20060802 rPSA-2006-0143-1 gnupg", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/442012/100/0/threaded" }, { "name": "21306", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21306" }, { "name": "21524", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21524" }, { "name": "2006-0044", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://lwn.net/Alerts/194228/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer 
overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "20060801-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" }, { "name": "21329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21329" }, { "name": "RHSA-2006:0615", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0615.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204%3Bmsg=15%3Batt=1" }, { "name": "21297", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21297" }, { "name": "ADV-2006-3123", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3123" }, { "name": "SUSE-SR:2006:020", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html" }, { "name": "oval:org.mitre.oval:def:11347", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11347" }, { "name": "21300", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21300" }, { "name": "21326", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21326" }, { "tags": [ "x_refsource_MISC" ], "url": "http://issues.rpath.com/browse/RPL-560" }, { "name": "21598", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21598" }, { "name": "gnupg-parsecomment-bo(28220)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28220" }, { "name": "21467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21467" }, { "name": "DSA-1140", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1140" }, { "name": "19110", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19110" }, { "name": "21351", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21351" }, { "name": "21522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21522" }, { "name": "21333", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21333" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502" }, { "name": "[Gnupg-devel] 20060725 Re: [Dailydave] GnuPG 1.4.4 fun", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.gossamer-threads.com/lists/gnupg/devel/37623" }, { "name": "MDKSA-2006:141", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:141" }, { "name": "[Dailydave] 20060721 GnuPG 1.4.4 fun", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html" }, { "name": "USN-332-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-332-1" }, { "name": "21378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21378" }, { "name": "1016622", "tags": 
[ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016622" }, { "name": "27664", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27664" }, { "name": "21346", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21346" }, { "name": "20060808 ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/442621/100/100/threaded" }, { "name": "GLSA-200608-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200608-08.xml" }, { "name": "DSA-1141", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1141" }, { "name": "20060802 rPSA-2006-0143-1 gnupg", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/442012/100/0/threaded" }, { "name": "21306", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21306" }, { "name": "21524", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21524" }, { "name": "2006-0044", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://lwn.net/Alerts/194228/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2006-3746", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060801-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" }, { "name": "21329", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21329" }, { "name": "RHSA-2006:0615", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0615.html" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204;msg=15;att=1", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204;msg=15;att=1" }, { "name": "21297", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21297" }, { "name": "ADV-2006-3123", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3123" }, { "name": "SUSE-SR:2006:020", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html" }, { "name": "oval:org.mitre.oval:def:11347", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11347" }, { "name": "21300", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21300" }, { "name": "21326", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21326" }, { "name": "http://issues.rpath.com/browse/RPL-560", "refsource": "MISC", "url": "http://issues.rpath.com/browse/RPL-560" }, { "name": "21598", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21598" }, { "name": "gnupg-parsecomment-bo(28220)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28220" }, { "name": "21467", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21467" }, { "name": "DSA-1140", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1140" }, { "name": "19110", "refsource": "BID", "url": 
"http://www.securityfocus.com/bid/19110" }, { "name": "21351", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21351" }, { "name": "21522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21522" }, { "name": "21333", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21333" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm" }, { "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502", "refsource": "MISC", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502" }, { "name": "[Gnupg-devel] 20060725 Re: [Dailydave] GnuPG 1.4.4 fun", "refsource": "MLIST", "url": "http://www.gossamer-threads.com/lists/gnupg/devel/37623" }, { "name": "MDKSA-2006:141", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:141" }, { "name": "[Dailydave] 20060721 GnuPG 1.4.4 fun", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html" }, { "name": "USN-332-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-332-1" }, { "name": "21378", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21378" }, { "name": "1016622", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016622" }, { "name": "27664", "refsource": "OSVDB", "url": "http://www.osvdb.org/27664" }, { "name": "21346", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21346" }, { "name": "20060808 ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442621/100/100/threaded" }, { "name": "GLSA-200608-08", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200608-08.xml" }, { "name": "DSA-1141", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1141" }, { "name": "20060802 rPSA-2006-0143-1 gnupg", 
"refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442012/100/0/threaded" }, { "name": "21306", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21306" }, { "name": "21524", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21524" }, { "name": "2006-0044", "refsource": "TRUSTIX", "url": "http://lwn.net/Alerts/194228/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-3746", "datePublished": "2006-07-28T21:00:00", "dateReserved": "2006-07-20T00:00:00", "dateUpdated": "2024-08-07T18:39:54.003Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4351
Vulnerability from cvelistv5
Published
2013-10-10 00:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.
References
URL | Tags | |
---|---|---|
http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html | vendor-advisory, x_refsource_SUSE | |
http://ubuntu.com/usn/usn-1987-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.debian.org/security/2013/dsa-2773 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2013/09/13/4 | mailing-list, x_refsource_MLIST | |
http://rhn.redhat.com/errata/RHSA-2013-1459.html | vendor-advisory, x_refsource_REDHAT | |
http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html | vendor-advisory, x_refsource_SUSE | |
http://www.debian.org/security/2013/dsa-2774 | vendor-advisory, x_refsource_DEBIAN | |
https://bugzilla.redhat.com/show_bug.cgi?id=1010137 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.888Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138" }, { "name": "openSUSE-SU-2013:1532", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html" }, { "name": "USN-1987-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1987-1" }, { "name": "DSA-2773", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2773" }, { "name": "[oss-security] 20130913 Re: GnuPG treats no-usage-permitted keys as all-usages-permitted", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/09/13/4" }, { "name": "RHSA-2013:1459", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "name": "openSUSE-SU-2013:1526", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html" }, { "name": "DSA-2774", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2774" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits 
set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-02T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138" }, { "name": "openSUSE-SU-2013:1532", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html" }, { "name": "USN-1987-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1987-1" }, { "name": "DSA-2773", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2773" }, { "name": "[oss-security] 20130913 Re: GnuPG treats no-usage-permitted keys as all-usages-permitted", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/09/13/4" }, { "name": "RHSA-2013:1459", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" }, { "name": "openSUSE-SU-2013:1526", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html" }, { "name": "DSA-2774", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2774" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4351", "datePublished": "2013-10-10T00:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.888Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6169
Vulnerability from cvelistv5
Published
2006-11-29 18:00
Modified
2024-08-07 20:19
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:19:34.866Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23110", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23110" }, { "name": "23269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23269" }, { "name": "23303", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23303" }, { "name": "20061127 GnuPG 1.4 and 2.0 buffer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/452829/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-826" }, { "name": "gnupg-openfile-bo(30550)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30550" }, { "name": "23513", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23513" }, { "name": "23284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23284" }, { "name": "23146", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23146" }, { "name": "23171", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23171" }, { "name": "USN-393-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-393-2" }, { "name": "RHSA-2006:0754", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html" }, { "name": "2006-0068", "tags": [ 
"vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2006/0068/" }, { "name": "1927", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1927" }, { "name": "DSA-1231", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1231" }, { "name": "23299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23299" }, { "name": "USN-389-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-389-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.g10code.com/gnupg/issue728" }, { "name": "1017291", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017291" }, { "name": "GLSA-200612-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200612-03.xml" }, { "name": "[gnupg-announce] 20061127 GnuPG 1.4 and 2.0 buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html" }, { "name": "23094", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23094" }, { "name": "SUSE-SA:2006:075", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm" }, { "name": "20061201 rPSA-2006-0224-1 gnupg", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/453253/100/100/threaded" }, { "name": "21306", "tags": [ "vdb-entry", 
"x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21306" }, { "name": "ADV-2006-4736", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4736" }, { "name": "23250", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23250" }, { "name": "20061201-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc" }, { "name": "23161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23161" }, { "name": "MDKSA-2006:221", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:221" }, { "name": "OpenPKG-SA-2006.037", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html" }, { "name": "oval:org.mitre.oval:def:11228", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228" }, { "name": "24047", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with \"C-escape\" expansions, which cause the make_printable_string function to return a longer string than expected while 
constructing a prompt." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "23110", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23110" }, { "name": "23269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23269" }, { "name": "23303", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23303" }, { "name": "20061127 GnuPG 1.4 and 2.0 buffer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/452829/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-826" }, { "name": "gnupg-openfile-bo(30550)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30550" }, { "name": "23513", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23513" }, { "name": "23284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23284" }, { "name": "23146", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23146" }, { "name": "23171", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23171" }, { "name": "USN-393-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-393-2" }, { "name": "RHSA-2006:0754", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html" }, { "name": "2006-0068", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2006/0068/" }, { "name": 
"1927", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1927" }, { "name": "DSA-1231", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1231" }, { "name": "23299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23299" }, { "name": "USN-389-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-389-1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.g10code.com/gnupg/issue728" }, { "name": "1017291", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017291" }, { "name": "GLSA-200612-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200612-03.xml" }, { "name": "[gnupg-announce] 20061127 GnuPG 1.4 and 2.0 buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html" }, { "name": "23094", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23094" }, { "name": "SUSE-SA:2006:075", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm" }, { "name": "20061201 rPSA-2006-0224-1 gnupg", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/453253/100/100/threaded" }, { "name": "21306", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21306" }, { "name": "ADV-2006-4736", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4736" }, { "name": "23250", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/23250" }, { "name": "20061201-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc" }, { "name": "23161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23161" }, { "name": "MDKSA-2006:221", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:221" }, { "name": "OpenPKG-SA-2006.037", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html" }, { "name": "oval:org.mitre.oval:def:11228", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228" }, { "name": "24047", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24047" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6169", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with \"C-escape\" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23110", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23110" }, { "name": "23269", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23269" }, { "name": "23303", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23303" }, { "name": "20061127 GnuPG 1.4 and 2.0 buffer overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452829/100/0/threaded" }, { "name": "https://issues.rpath.com/browse/RPL-826", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-826" }, { "name": "gnupg-openfile-bo(30550)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30550" }, { "name": "23513", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23513" }, { "name": "23284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23284" }, { "name": "23146", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23146" }, { "name": "23171", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23171" }, { "name": "USN-393-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-393-2" }, { "name": "RHSA-2006:0754", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html" }, { "name": "2006-0068", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2006/0068/" }, { "name": "1927", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1927" }, { "name": "DSA-1231", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1231" }, { "name": "23299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23299" }, { "name": "USN-389-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-389-1" }, { "name": "https://bugs.g10code.com/gnupg/issue728", "refsource": "MISC", "url": 
"https://bugs.g10code.com/gnupg/issue728" }, { "name": "1017291", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017291" }, { "name": "GLSA-200612-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200612-03.xml" }, { "name": "[gnupg-announce] 20061127 GnuPG 1.4 and 2.0 buffer overflow", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html" }, { "name": "23094", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23094" }, { "name": "SUSE-SA:2006:075", "refsource": "SUSE", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm" }, { "name": "20061201 rPSA-2006-0224-1 gnupg", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453253/100/100/threaded" }, { "name": "21306", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21306" }, { "name": "ADV-2006-4736", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4736" }, { "name": "23250", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23250" }, { "name": "20061201-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc" }, { "name": "23161", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23161" }, { "name": "MDKSA-2006:221", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:221" }, { "name": "OpenPKG-SA-2006.037", "refsource": "OPENPKG", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html" }, { "name": "oval:org.mitre.oval:def:11228", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228" }, { "name": "24047", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/24047" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6169", "datePublished": "2006-11-29T18:00:00", "dateReserved": "2006-11-29T00:00:00", "dateUpdated": "2024-08-07T20:19:34.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-12020
Vulnerability from cvelistv5
Published
2018-06-08 21:00
Modified
2024-08-05 08:24
Severity ?
EPSS score ?
Summary
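mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. The exposure arises where status lines share file descriptor 2 with GnuPG's other stderr output, so programs that parse status output are better served by a dedicated status descriptor in addition to running a fixed version (2.2.8 or later).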
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:24:03.773Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3675-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3675-2/" }, { "name": "RHSA-2018:2180", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2180" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2018/06/08/2" }, { "name": "DSA-4222", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4222" }, { "name": "RHSA-2018:2181", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2181" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "DSA-4224", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4224" }, { "name": "104450", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104450" }, { "name": "DSA-4223", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4223" }, { "name": "USN-3675-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3675-3/" }, { "name": "1041051", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041051" }, { "name": "USN-3675-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", 
"x_transferred" ], "url": "https://usn.ubuntu.com/3675-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dev.gnupg.org/T4012" }, { "name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" }, { "name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Apr/38" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html" }, { "name": "USN-3964-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3964-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf" }, { "name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2862-1] python-gnupg security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. 
For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-28T22:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3675-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3675-2/" }, { "name": "RHSA-2018:2180", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2180" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2018/06/08/2" }, { "name": "DSA-4222", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4222" }, { "name": "RHSA-2018:2181", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2181" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "DSA-4224", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4224" }, { "name": "104450", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104450" }, { "name": "DSA-4223", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4223" }, { "name": "USN-3675-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3675-3/" }, { "name": "1041051", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041051" }, { "name": "USN-3675-1", "tags": [ "vendor-advisory", 
"x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3675-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dev.gnupg.org/T4012" }, { "name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" }, { "name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Apr/38" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html" }, { "name": "USN-3964-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3964-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf" }, { "name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2862-1] python-gnupg security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12020", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. 
For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3675-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3675-2/" }, { "name": "RHSA-2018:2180", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2180" }, { "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html" }, { "name": "http://openwall.com/lists/oss-security/2018/06/08/2", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2018/06/08/2" }, { "name": "DSA-4222", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4222" }, { "name": "RHSA-2018:2181", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2181" }, { "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "DSA-4224", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4224" }, { "name": "104450", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104450" }, { "name": "DSA-4223", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4223" }, { "name": "USN-3675-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3675-3/" }, { "name": "1041051", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041051" }, { "name": "USN-3675-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3675-1/" }, { "name": "https://dev.gnupg.org/T4012", "refsource": "MISC", "url": "https://dev.gnupg.org/T4012" 
}, { "name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" }, { "name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Apr/38" }, { "name": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html" }, { "name": "USN-3964-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3964-1/" }, { "name": "https://github.com/RUB-NDS/Johnny-You-Are-Fired", "refsource": "MISC", "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired" }, { "name": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf", "refsource": "MISC", "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf" }, { "name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2862-1] python-gnupg security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12020", "datePublished": "2018-06-08T21:00:00", "dateReserved": "2018-06-07T00:00:00", "dateUpdated": "2024-08-05T08:24:03.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-25125
Vulnerability from cvelistv5
Published
2020-09-03 17:48
Modified
2024-08-04 15:26
Severity ?
EPSS score ?
Summary
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) have an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.
References
| URL | Tags |
|---|---|
| https://bugzilla.opensuse.org/show_bug.cgi?id=1176034 | x_refsource_MISC |
| https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc | x_refsource_MISC |
| https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html | x_refsource_MISC |
| https://dev.gnupg.org/T5050 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2020/09/03/4 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2020/09/03/5 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:26:09.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dev.gnupg.org/T5050" }, { "name": "[oss-security] 20200903 GNUPG released with AEAD sec fix CVE-2020-25125", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/09/03/4" }, { "name": "[oss-security] 20200903 CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/09/03/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker\u0027s OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-03T20:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dev.gnupg.org/T5050" }, { "name": "[oss-security] 20200903 GNUPG released with AEAD sec fix CVE-2020-25125", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/09/03/4" }, { "name": "[oss-security] 20200903 CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/09/03/5" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25125", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker\u0027s OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034", "refsource": "MISC", "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034" }, { "name": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc", "refsource": "MISC", "url": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc" }, { "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html" }, { "name": "https://dev.gnupg.org/T5050", "refsource": "MISC", "url": "https://dev.gnupg.org/T5050" }, { "name": "[oss-security] 20200903 GNUPG released with AEAD sec fix CVE-2020-25125", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/09/03/4" }, { "name": "[oss-security] 20200903 CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/09/03/5" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25125", "datePublished": "2020-09-03T17:48:07", "dateReserved": "2020-09-03T00:00:00", "dateUpdated": "2024-08-04T15:26:09.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2207
Vulnerability from cvelistv5
Published
2019-11-27 18:06
Modified
2024-08-06 22:53
Severity ?
EPSS score ?
Summary
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DoS) via a specially crafted certificate.
References
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-2207 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2207 | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-2207 | x_refsource_MISC |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/06/15/6 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:53:17.536Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-2207" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2207" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2011-2207" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377" }, { "name": "[oss-security] 20110615 Re: CVE Request / Discussion -- dirmngr -- Improper dealing with blocking system calls, when verifying a certificate", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2011/06/15/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "dirmngr", "vendor": "dirmngr", "versions": [ { "status": "affected", "version": "1.1.0" }, { "status": "affected", "version": "fixed in 2.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Improper dealing with blocking system calls, when verifying a certificate", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-27T18:06:44", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-2207" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2207" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2011-2207" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377" }, { "name": "[oss-security] 20110615 Re: CVE Request / Discussion -- dirmngr -- Improper dealing with blocking system calls, when verifying a certificate", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://www.openwall.com/lists/oss-security/2011/06/15/6" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2207", "datePublished": "2019-11-27T18:06:44", "dateReserved": "2011-05-31T00:00:00", "dateUpdated": "2024-08-06T22:53:17.536Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4576
Vulnerability from cvelistv5
Published
2013-12-20 21:00
Modified
2024-08-06 16:45
Summary
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of instructions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/64424 | vdb-entry, x_refsource_BID | |
http://www.ubuntu.com/usn/USN-2059-1 | vendor-advisory, x_refsource_UBUNTU | |
http://osvdb.org/101170 | vdb-entry, x_refsource_OSVDB | |
http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html | mailing-list, x_refsource_MLIST | |
http://rhn.redhat.com/errata/RHSA-2014-0016.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securitytracker.com/id/1029513 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/89846 | vdb-entry, x_refsource_XF | |
http://www.debian.org/security/2013/dsa-2821 | vendor-advisory, x_refsource_DEBIAN | |
http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf | x_refsource_MISC | |
http://seclists.org/oss-sec/2013/q4/523 | mailing-list, x_refsource_MLIST | |
http://www.cs.tau.ac.il/~tromer/acoustic/ | x_refsource_MISC | |
http://seclists.org/oss-sec/2013/q4/520 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:14.839Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "64424", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64424" }, { "name": "USN-2059-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2059-1" }, { "name": "101170", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/101170" }, { "name": "[gnupg-devel] 20131218 [Announce] [security fix] GnuPG 1.4.16 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html" }, { "name": "RHSA-2014:0016", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0016.html" }, { "name": "1029513", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029513" }, { "name": "gunpg-cve20134576-info-disclosure(89846)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846" }, { "name": "DSA-2821", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2821" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf" }, { "name": "[oss-security] 20131218 Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q4/523" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cs.tau.ac.il/~tromer/acoustic/" }, { "name": "[oss-security] 20131218 GnuPG 1.4.16 fixes RSA key extraction via acoustic side 
channel (CVE-2013-4576)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q4/520" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-18T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "64424", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64424" }, { "name": "USN-2059-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2059-1" }, { "name": "101170", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/101170" }, { "name": "[gnupg-devel] 20131218 [Announce] [security fix] GnuPG 1.4.16 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html" }, { "name": "RHSA-2014:0016", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0016.html" }, { "name": "1029513", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029513" }, { "name": "gunpg-cve20134576-info-disclosure(89846)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846" }, { "name": "DSA-2821", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2821" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf" }, { "name": "[oss-security] 20131218 Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q4/523" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cs.tau.ac.il/~tromer/acoustic/" }, { "name": "[oss-security] 20131218 GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://seclists.org/oss-sec/2013/q4/520" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4576", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "64424", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64424" }, { "name": "USN-2059-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2059-1" }, { "name": "101170", "refsource": "OSVDB", "url": "http://osvdb.org/101170" }, { "name": "[gnupg-devel] 20131218 [Announce] [security fix] GnuPG 1.4.16 released", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html" }, { "name": "RHSA-2014:0016", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0016.html" }, { "name": "1029513", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029513" }, { "name": "gunpg-cve20134576-info-disclosure(89846)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846" }, { "name": "DSA-2821", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2821" }, { "name": "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf", "refsource": "MISC", "url": "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf" }, { "name": "[oss-security] 20131218 Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q4/523" }, { "name": "http://www.cs.tau.ac.il/~tromer/acoustic/", "refsource": "MISC", "url": "http://www.cs.tau.ac.il/~tromer/acoustic/" }, { "name": "[oss-security] 20131218 GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q4/520" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4576", "datePublished": "2013-12-20T21:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.839Z", 
"state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2547
Vulnerability from cvelistv5
Published
2010-08-05 18:00
Modified
2024-08-07 02:39
Summary
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:39:37.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2010:143", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143" }, { "name": "ADV-2010-1988", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1988" }, { "name": "SUSE-SR:2010:020", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-3229" }, { "name": "ADV-2010-1931", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1931" }, { "name": "41945", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/41945" }, { "name": "FEDORA-2010-11413", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html" }, { "name": "DSA-2076", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2076" }, { "name": "1024247", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024247" }, { "name": "[gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html" }, { "name": "38877", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38877" }, { "name": "40841", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40841" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076" }, { "name": "40718", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40718" }, { "name": "ADV-2010-3125", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3125" }, { "name": "ADV-2010-1950", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1950" }, { "name": "SSA:2010-240-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008" }, { "name": "ADV-2010-2217", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2217" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-07-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-09-08T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDVSA-2010:143", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143" }, { "name": "ADV-2010-1988", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1988" }, { "name": "SUSE-SR:2010:020", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-3229" }, { "name": "ADV-2010-1931", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1931" }, { "name": "41945", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/41945" }, { "name": "FEDORA-2010-11413", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html" }, { "name": "DSA-2076", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2076" }, { "name": "1024247", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024247" }, { "name": "[gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html" }, { "name": "38877", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38877" }, { "name": "40841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40841" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076" }, { "name": "40718", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40718" }, { "name": "ADV-2010-3125", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3125" }, { "name": "ADV-2010-1950", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1950" }, { "name": "SSA:2010-240-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008" }, { "name": "ADV-2010-2217", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2217" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2547", "datePublished": "2010-08-05T18:00:00", "dateReserved": "2010-06-30T00:00:00", "dateUpdated": "2024-08-07T02:39:37.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0366
Vulnerability from cvelistv5
Published
2005-02-11 05:00
Modified
2024-08-07 21:13
Summary
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.
References
URL | Tags | |
---|---|---|
http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.osvdb.org/13775 | vdb-entry, x_refsource_OSVDB | |
http://www.mandriva.com/security/advisories?name=MDKSA-2005:057 | vendor-advisory, x_refsource_MANDRAKE | |
http://www.kb.cert.org/vuls/id/303094 | third-party-advisory, x_refsource_CERT-VN | |
http://securitytracker.com/id?1013166 | vdb-entry, x_refsource_SECTRACK | |
http://www.pgp.com/library/ctocorner/openpgp.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/12529 | vdb-entry, x_refsource_BID | |
http://www.novell.com/linux/security/advisories/2005_07_sr.html | vendor-advisory, x_refsource_SUSE | |
http://eprint.iacr.org/2005/033.pdf | x_refsource_MISC | |
http://eprint.iacr.org/2005/033 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:13:53.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200503-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml" }, { "name": "13775", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/13775" }, { "name": "MDKSA-2005:057", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:057" }, { "name": "VU#303094", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/303094" }, { "name": "1013166", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013166" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pgp.com/library/ctocorner/openpgp.html" }, { "name": "12529", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12529" }, { "name": "SUSE-SR:2005:007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_07_sr.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://eprint.iacr.org/2005/033.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://eprint.iacr.org/2005/033" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack 
when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-03-30T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200503-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml" }, { "name": "13775", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/13775" }, { "name": "MDKSA-2005:057", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:057" }, { "name": "VU#303094", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/303094" }, { "name": "1013166", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013166" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pgp.com/library/ctocorner/openpgp.html" }, { "name": "12529", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12529" }, { "name": "SUSE-SR:2005:007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_07_sr.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://eprint.iacr.org/2005/033.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "http://eprint.iacr.org/2005/033" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0366", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200503-29", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml" }, { "name": "13775", "refsource": "OSVDB", "url": "http://www.osvdb.org/13775" }, { "name": "MDKSA-2005:057", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:057" }, { "name": "VU#303094", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/303094" }, { "name": "1013166", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013166" }, { "name": "http://www.pgp.com/library/ctocorner/openpgp.html", "refsource": "CONFIRM", "url": "http://www.pgp.com/library/ctocorner/openpgp.html" }, { "name": "12529", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12529" }, { "name": "SUSE-SR:2005:007", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_07_sr.html" }, { "name": "http://eprint.iacr.org/2005/033.pdf", "refsource": "MISC", "url": "http://eprint.iacr.org/2005/033.pdf" }, { "name": "http://eprint.iacr.org/2005/033", "refsource": "MISC", "url": "http://eprint.iacr.org/2005/033" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0366", "datePublished": "2005-02-11T05:00:00", "dateReserved": "2005-02-11T00:00:00", "dateUpdated": "2024-08-07T21:13:53.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0837
Vulnerability from cvelistv5
Published
2019-11-29 21:10
Modified
2024-08-06 04:26
Summary
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
References
URL | Tags | |
---|---|---|
http://www.debian.org/security/2015/dsa-3184 | x_refsource_MISC | |
http://www.debian.org/security/2015/dsa-3185 | x_refsource_MISC | |
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html | x_refsource_CONFIRM | |
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html | x_refsource_CONFIRM | |
https://ieeexplore.ieee.org/document/7163050 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:26:11.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3184" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3185" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ieeexplore.ieee.org/document/7163050" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Libgcrypt", "vendor": "GNU", "versions": [ { "status": "affected", "version": "before 1.6.3" } ] }, { "product": "GnuPG", "vendor": "GNU", "versions": [ { "status": "affected", "version": "before 1.4.19" } ] } ], "datePublic": "2012-05-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-29T21:10:03", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.debian.org/security/2015/dsa-3184" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.debian.org/security/2015/dsa-3185" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ieeexplore.ieee.org/document/7163050" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2015-0837", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Libgcrypt", "version": { "version_data": [ { "version_value": "before 1.6.3" } ] } }, { "product_name": "GnuPG", "version": { "version_data": [ { "version_value": "before 1.4.19" } ] } } ] }, "vendor_name": "GNU" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.debian.org/security/2015/dsa-3184", "refsource": "MISC", "url": "http://www.debian.org/security/2015/dsa-3184" }, { "name": "http://www.debian.org/security/2015/dsa-3185", "refsource": "MISC", "url": "http://www.debian.org/security/2015/dsa-3185" }, { "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "refsource": "CONFIRM", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", "refsource": "CONFIRM", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html" }, { "name": "https://ieeexplore.ieee.org/document/7163050", "refsource": "MISC", "url": "https://ieeexplore.ieee.org/document/7163050" } ] } } } }, "cveMetadata": { 
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-0837", "datePublished": "2019-11-29T21:10:03", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:26:11.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }