All the vulnerabilites related to gnu - privacy_guard
Vulnerability from fkie_nvd
Published
2006-12-07 11:28
Modified
2024-11-21 00:22
Severity ?
Summary
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | privacy_guard | 1.2.4 | |
| gnu | privacy_guard | 1.2.5 | |
| gnu | privacy_guard | 1.2.6 | |
| gnu | privacy_guard | 1.2.7 | |
| gnu | privacy_guard | 1.3.3 | |
| gnu | privacy_guard | 1.3.4 | |
| gnu | privacy_guard | 1.4 | |
| gnu | privacy_guard | 1.4.1 | |
| gnu | privacy_guard | 1.4.2 | |
| gnu | privacy_guard | 1.4.2.1 | |
| gnu | privacy_guard | 1.4.2.2 | |
| gnu | privacy_guard | 1.4.3 | |
| gnu | privacy_guard | 1.4.4 | |
| gnu | privacy_guard | 1.4.5 | |
| gnu | privacy_guard | 1.9.10 | |
| gnu | privacy_guard | 1.9.15 | |
| gnu | privacy_guard | 1.9.20 | |
| gnu | privacy_guard | 2.0 | |
| gnu | privacy_guard | 2.0.1 | |
| gpg4win | gpg4win | 1.0.7 | |
| redhat | enterprise_linux | 4.0 | |
| redhat | enterprise_linux | 4.0 | |
| redhat | enterprise_linux | 4.0 | |
| redhat | enterprise_linux_desktop | 3.0 | |
| redhat | enterprise_linux_desktop | 4.0 | |
| redhat | fedora_core | core_5.0 | |
| redhat | fedora_core | core6 | |
| redhat | linux_advanced_workstation | 2.1 | |
| rpath | linux | 1 | |
| slackware | slackware_linux | 11.0 | |
| ubuntu | ubuntu_linux | 5.10 | |
| ubuntu | ubuntu_linux | 6.06 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "76CAFD24-E53F-488C-BD9F-BE31D30828AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D3628A-3BDD-4C6F-AE7D-C81FC3EE1630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74589745-A9A6-44DB-B4F0-B61B663ECA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2B99CB-5950-42E7-ACD5-38457CBE9095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D81AF47A-56BA-4D90-A4D4-D7A37333A117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E55DBB73-EF6C-4C46-9E5A-7C35D7FD190C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "205C014A-236B-44CF-A92D-B4D6392FF9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F412ECF0-DA84-47B8-98FD-06019C9E63E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE04D970-A467-4648-B99C-895BA8BEE79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C79DC753-35CB-46FA-BDE4-650BD1730505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F54DA969-ABAA-4021-9EC3-C30A45D1A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B68B13-DC1F-46AB-B360-D04E48A0939F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE65D839-7798-4DE4-AA89-765E91FC6A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B256D201-D3E1-472F-8B4F-8D6D5D763003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1151E8-E9D3-4244-9765-B06D07848AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "345FBFB9-7FA3-4F7D-B605-A38054744F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "859126BF-7327-4C54-AE2E-4A961911C937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7461ED0D-1DC2-4019-BEC0-2E9AF2724371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3FA38E-5BF1-4CDA-AB4F-19150FD3EE10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gpg4win:gpg4win:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "047F3D25-1795-494A-93AC-9AF80AC72680",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*",
"matchCriteriaId": "F9440B25-D206-4914-9557-B5F030890DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "E9933557-3BCA-4D92-AD4F-27758A0D3347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*",
"matchCriteriaId": "10A60552-15A5-4E95-B3CE-99A4B26260C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3B94B6-A5E4-4432-802E-BFAD7F3B5B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:fedora_core:core6:*:*:*:*:*:*:*",
"matchCriteriaId": "E007512B-2A01-4915-82D1-EDDEE8ED3190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
"matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B66383-4124-4579-BC8E-36DBE7ABB543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74022B69-6557-4746-9080-24E4DDA44026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE3B4BE-7B43-47C7-823A-C019DF12498F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9460AD-229A-4DC2-BFBA-818640A464AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory."
},
{
"lang": "es",
"value": "Una vulnerabilidad de \"escritura en pila\" en GnuPG (gpg) 1.x anterior a la 1.4.6, 2.x anterior a la 2.0.2 y 1.9.0 hasta la 1.9.95 permite a atacantes ejecutar c\u00f3digo de su elecci\u00f3n mediante paquetes OpenPGP artesanales que provocan que GnuPG haga referencia a un puntero a funci\u00f3n que est\u00e1 en memoria (en la pila) que ya ha sido liberada."
}
],
"id": "CVE-2006-6235",
"lastModified": "2024-11-21T00:22:13.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-07T11:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23245"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23250"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23255"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23259"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23269"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23284"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23290"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23299"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23303"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23329"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23335"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23513"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24047"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200612-03.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017349"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1231"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/427009"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/453664/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/453723/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/21462"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/usn-393-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-393-2"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4881"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-835"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200612-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/427009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/453664/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/453723/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/21462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/usn-393-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-393-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-02-12 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | privacy_guard | 1.0 | |
| gnu | privacy_guard | 1.0.1 | |
| gnu | privacy_guard | 1.0.2 | |
| gnu | privacy_guard | 1.0.3 | |
| gnu | privacy_guard | 1.0.3b |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E054978B-8466-4D12-B7DC-7E72CC57F0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F38F964B-C5D1-4177-BD31-7AB4083CC431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF7811A-B254-4829-AED2-C70BD5C82592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72ED862B-6278-41ED-9619-115E6552AFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "1869E888-E83C-4A62-AA84-F2C9F2AF12FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust."
}
],
"id": "CVE-2001-0072",
"lastModified": "2024-11-20T23:34:31.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-02-12T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/1702"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2153"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/1702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-13 21:06
Modified
2024-11-21 00:05
Severity ?
Summary
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | privacy_guard | 1.0 | |
| gnu | privacy_guard | 1.0.1 | |
| gnu | privacy_guard | 1.0.2 | |
| gnu | privacy_guard | 1.0.3 | |
| gnu | privacy_guard | 1.0.3b | |
| gnu | privacy_guard | 1.0.4 | |
| gnu | privacy_guard | 1.0.5 | |
| gnu | privacy_guard | 1.0.6 | |
| gnu | privacy_guard | 1.0.7 | |
| gnu | privacy_guard | 1.2 | |
| gnu | privacy_guard | 1.2.1 | |
| gnu | privacy_guard | 1.2.2 | |
| gnu | privacy_guard | 1.2.2 | |
| gnu | privacy_guard | 1.2.3 | |
| gnu | privacy_guard | 1.2.4 | |
| gnu | privacy_guard | 1.2.5 | |
| gnu | privacy_guard | 1.2.6 | |
| gnu | privacy_guard | 1.2.7 | |
| gnu | privacy_guard | 1.3.3 | |
| gnu | privacy_guard | 1.3.4 | |
| gnu | privacy_guard | 1.4 | |
| gnu | privacy_guard | 1.4.1 | |
| gnu | privacy_guard | 1.4.2 | |
| gnu | privacy_guard | 1.4.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E054978B-8466-4D12-B7DC-7E72CC57F0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F38F964B-C5D1-4177-BD31-7AB4083CC431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF7811A-B254-4829-AED2-C70BD5C82592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72ED862B-6278-41ED-9619-115E6552AFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "1869E888-E83C-4A62-AA84-F2C9F2AF12FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D51820-D735-44FC-95BB-A473FFDE9D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5FB2C28-0E4D-4AE3-A2CC-0197FE578074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2224AF-EA7B-4A3D-8B23-7FC59D66E611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2B3B44-941E-4007-B58A-16E85B87CB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49A642D7-007E-479D-963E-A74AAE195A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86144B81-D321-4ECA-937F-FFA8A043FCE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A93CAE1-0DFC-43E1-997D-22CDC338D3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9896332E-819B-4392-B704-B143DBBE90A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B641ED5-4326-43E7-BF42-982B44478A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "76CAFD24-E53F-488C-BD9F-BE31D30828AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D3628A-3BDD-4C6F-AE7D-C81FC3EE1630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74589745-A9A6-44DB-B4F0-B61B663ECA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2B99CB-5950-42E7-ACD5-38457CBE9095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D81AF47A-56BA-4D90-A4D4-D7A37333A117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E55DBB73-EF6C-4C46-9E5A-7C35D7FD190C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "205C014A-236B-44CF-A92D-B4D6392FF9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F412ECF0-DA84-47B8-98FD-06019C9E63E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE04D970-A467-4648-B99C-895BA8BEE79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C79DC753-35CB-46FA-BDE4-650BD1730505",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
],
"id": "CVE-2006-0049",
"lastModified": "2024-11-21T00:05:32.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-13T21:06:00.000",
"references": [
{
"source": "security@debian.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"source": "security@debian.org",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19173"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19197"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19203"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19231"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19232"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19234"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19244"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19249"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19287"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "security@debian.org",
"url": "http://securityreason.com/securityalert/450"
},
{
"source": "security@debian.org",
"url": "http://securityreason.com/securityalert/568"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-993"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"source": "security@debian.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/23790"
},
{
"source": "security@debian.org",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"source": "security@debian.org",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"source": "security@debian.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"source": "security@debian.org",
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"source": "security@debian.org",
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"source": "security@debian.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"source": "security@debian.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"source": "security@debian.org",
"url": "https://usn.ubuntu.com/264-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19234"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/23790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/264-1/"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-08-14 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | privacy_guard | 7.1 | |
| gnu | privacy_guard | 7.2 | |
| gnu | privacy_guard | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1DEE6D0-8097-4451-9699-F17FAE499578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42ED2FF0-A7B9-45B2-845E-320084C1747D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949ABA95-B06C-4398-AC26-1EC0D916DA69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file."
}
],
"id": "CVE-2001-0522",
"lastModified": "2024-11-20T23:35:33.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-08-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"source": "cve@mitre.org",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"source": "cve@mitre.org",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"source": "cve@mitre.org",
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/1845"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/2797"
},
{
"source": "cve@mitre.org",
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/1845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/2797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-15 22:06
Modified
2024-11-21 00:06
Severity ?
Summary
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | privacy_guard | 1.0 | |
| gnu | privacy_guard | 1.0.1 | |
| gnu | privacy_guard | 1.0.2 | |
| gnu | privacy_guard | 1.0.3 | |
| gnu | privacy_guard | 1.0.3b | |
| gnu | privacy_guard | 1.0.4 | |
| gnu | privacy_guard | 1.0.5 | |
| gnu | privacy_guard | 1.0.6 | |
| gnu | privacy_guard | 1.0.7 | |
| gnu | privacy_guard | 1.2 | |
| gnu | privacy_guard | 1.2.1 | |
| gnu | privacy_guard | 1.2.2 | |
| gnu | privacy_guard | 1.2.2 | |
| gnu | privacy_guard | 1.2.3 | |
| gnu | privacy_guard | 1.2.4 | |
| gnu | privacy_guard | 1.2.5 | |
| gnu | privacy_guard | 1.2.6 | |
| gnu | privacy_guard | 1.2.7 | |
| gnu | privacy_guard | 1.3.3 | |
| gnu | privacy_guard | 1.3.4 | |
| gnu | privacy_guard | 1.4 | |
| gnu | privacy_guard | 1.4.1 | |
| gnu | privacy_guard | 1.4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E054978B-8466-4D12-B7DC-7E72CC57F0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F38F964B-C5D1-4177-BD31-7AB4083CC431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF7811A-B254-4829-AED2-C70BD5C82592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72ED862B-6278-41ED-9619-115E6552AFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "1869E888-E83C-4A62-AA84-F2C9F2AF12FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D51820-D735-44FC-95BB-A473FFDE9D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5FB2C28-0E4D-4AE3-A2CC-0197FE578074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2224AF-EA7B-4A3D-8B23-7FC59D66E611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2B3B44-941E-4007-B58A-16E85B87CB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49A642D7-007E-479D-963E-A74AAE195A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86144B81-D321-4ECA-937F-FFA8A043FCE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A93CAE1-0DFC-43E1-997D-22CDC338D3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9896332E-819B-4392-B704-B143DBBE90A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B641ED5-4326-43E7-BF42-982B44478A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "76CAFD24-E53F-488C-BD9F-BE31D30828AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D3628A-3BDD-4C6F-AE7D-C81FC3EE1630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74589745-A9A6-44DB-B4F0-B61B663ECA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2B99CB-5950-42E7-ACD5-38457CBE9095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D81AF47A-56BA-4D90-A4D4-D7A37333A117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E55DBB73-EF6C-4C46-9E5A-7C35D7FD190C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "205C014A-236B-44CF-A92D-B4D6392FF9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F412ECF0-DA84-47B8-98FD-06019C9E63E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE04D970-A467-4648-B99C-895BA8BEE79B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command \"gpg --verify\"."
},
{
"lang": "es",
"value": "gpgv en GnuPG en versiones anteriores a 1.4.2.1, cuando se utiliza verificaci\u00f3n de firma desatendida, devuelve un c\u00f3digo de salida 0 en algunos casos, incluso cuando el archivo de firma acompa\u00f1ante no lleva una firma, esto puede provocar que los programas que usen gpgv asuman que la verificaci\u00f3n de la firma ha tenido \u00e9xito. Nota: Esto tambi\u00e9n ocurre cuando se ejecuta el comando equivalente \"gpg --verify\"."
}
],
"id": "CVE-2006-0455",
"lastModified": "2024-11-21T00:06:30.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-15T22:06:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA-2006-116.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=gnupg-devel\u0026m=113999098729114\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18845"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18933"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18934"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18942"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18955"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18956"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18968"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19130"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19249"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19532"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:043"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/23221"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/425289/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/16663"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"source": "secalert@redhat.com",
"url": "http://www.trustix.org/errata/2006/0008"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-252-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.us.debian.org/security/2006/dsa-978"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0610"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24744"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA-2006-116.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=gnupg-devel\u0026m=113999098729114\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/425289/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/16663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-252-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.us.debian.org/security/2006/dsa-978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-15 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | privacy_guard | 1.0.2 | |
| gnu | privacy_guard | 1.0.3 | |
| gnu | privacy_guard | 1.0.3b | |
| gnu | privacy_guard | 1.0.4 | |
| gnu | privacy_guard | 1.0.5 | |
| gnu | privacy_guard | 1.0.6 | |
| gnu | privacy_guard | 1.0.7 | |
| gnu | privacy_guard | 1.2 | |
| gnu | privacy_guard | 1.2.1 | |
| gnu | privacy_guard | 1.2.2 | |
| gnu | privacy_guard | 1.2.2 | |
| gnu | privacy_guard | 1.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF7811A-B254-4829-AED2-C70BD5C82592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72ED862B-6278-41ED-9619-115E6552AFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "1869E888-E83C-4A62-AA84-F2C9F2AF12FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D51820-D735-44FC-95BB-A473FFDE9D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5FB2C28-0E4D-4AE3-A2CC-0197FE578074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2224AF-EA7B-4A3D-8B23-7FC59D66E611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2B3B44-941E-4007-B58A-16E85B87CB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49A642D7-007E-479D-963E-A74AAE195A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86144B81-D321-4ECA-937F-FFA8A043FCE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A93CAE1-0DFC-43E1-997D-22CDC338D3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9896332E-819B-4392-B704-B143DBBE90A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B641ED5-4326-43E7-BF42-982B44478A05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature."
},
{
"lang": "es",
"value": "GnuPG (GPG) 1.0.2 y otras versiones anteriores a 1.2.3 crea claves firma+cifra ElGamal usando el mismo componente para cifrado y para firma, lo que permite a atacantes determinar la clave privada a partir de una firma."
}
],
"id": "CVE-2003-0971",
"lastModified": "2024-11-20T23:45:59.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000798"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106995769213221\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10304"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10349"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10399"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10400"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2004/dsa-429"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/940388"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-390.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-395.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9115"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106995769213221\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2004/dsa-429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/940388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-390.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-395.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-02-12 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | privacy_guard | 1.0 | |
| gnu | privacy_guard | 1.0.1 | |
| gnu | privacy_guard | 1.0.2 | |
| gnu | privacy_guard | 1.0.3 | |
| gnu | privacy_guard | 1.0.3b |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E054978B-8466-4D12-B7DC-7E72CC57F0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F38F964B-C5D1-4177-BD31-7AB4083CC431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF7811A-B254-4829-AED2-C70BD5C82592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72ED862B-6278-41ED-9619-115E6552AFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "1869E888-E83C-4A62-AA84-F2C9F2AF12FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection."
}
],
"id": "CVE-2001-0071",
"lastModified": "2024-11-20T23:34:31.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-02-12T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/1699"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2141"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/1699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-05-27 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | privacy_guard | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "377F09FD-8BC6-45D2-8712-2180DBEA3F84",
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path."
},
{
"lang": "es",
"value": "El c\u00f3digo de validaci\u00f3n de claves en GnuPG 1.2.2 no determina adecuadamente la validez de claves con m\u00faltiples IDs de usuario y asigna la m\u00e1xima validez (de la ID de usuario m\u00e1s v\u00e1lida), lo que impide que GnuPG advierta cuando algunas de las ID no tengan un \"trusted path\"."
}
],
"id": "CVE-2003-0255",
"lastModified": "2024-11-20T23:44:19.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-05-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000694"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105215110111174\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105301357425157\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105311804129104\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105362224514081\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/397604"
},
{
"source": "cve@mitre.org",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4947"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/7497"
},
{
"source": "cve@mitre.org",
"url": "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105215110111174\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105301357425157\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105311804129104\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105362224514081\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/397604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/7497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-01-05 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | privacy_guard | 1.2 | |
| gnu | privacy_guard | 1.2.1 | |
| gnu | privacy_guard | 1.2.2 | |
| gnu | privacy_guard | 1.2.2 | |
| gnu | privacy_guard | 1.2.3 | |
| gnu | privacy_guard | 1.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49A642D7-007E-479D-963E-A74AAE195A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86144B81-D321-4ECA-937F-FFA8A043FCE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A93CAE1-0DFC-43E1-997D-22CDC338D3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9896332E-819B-4392-B704-B143DBBE90A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B641ED5-4326-43E7-BF42-982B44478A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D81AF47A-56BA-4D90-A4D4-D7A37333A117",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval."
},
{
"lang": "es",
"value": "Vulnerabilidad de cadena de formato en el cliente de GnuPG (gpg) 1.2.2 y anteriores permite a atacantes remotos o a un servidor de claves malicioso causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario durante un obtenci\u00f3n de clave."
}
],
"id": "CVE-2003-0978",
"lastModified": "2024-11-20T23:46:02.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-01-05T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107047470625214\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.s-quadra.com/advisories/Adv-20031203.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107047470625214\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.s-quadra.com/advisories/Adv-20031203.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-19 05:00
Modified
2024-11-20 23:33
Severity ?
Summary
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | privacy_guard | 1.0 | |
| gnu | privacy_guard | 1.0.1 | |
| gnu | privacy_guard | 1.0.2 | |
| gnu | privacy_guard | 1.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E054978B-8466-4D12-B7DC-7E72CC57F0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F38F964B-C5D1-4177-BD31-7AB4083CC431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF7811A-B254-4829-AED2-C70BD5C82592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72ED862B-6278-41ED-9619-115E6552AFBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection."
}
],
"id": "CVE-2000-0974",
"lastModified": "2024-11-20T23:33:42.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-12-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2000/20001111"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/1608"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1797"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2000/20001111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/1608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2001-0072
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
References
| ▼ | URL | Tags |
|---|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.debian.org/security/2000/20001225b | vendor-advisory, x_refsource_DEBIAN | |
| http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.securityfocus.com/bid/2153 | vdb-entry, x_refsource_BID | |
| http://www.redhat.com/support/errata/RHSA-2000-131.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5803 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/152197 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/1702 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:54.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2153"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-reveal-private(5803)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1702",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2153"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-reveal-private(5803)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1702",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2000:368",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2153"
},
{
"name": "RHSA-2000:131",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-reveal-private(5803)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1702",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0072",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-02-01T00:00:00",
"dateUpdated": "2024-08-08T04:06:54.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0455
Vulnerability from cvelistv5
Published
2006-02-15 22:00
Modified
2024-08-07 16:34
Severity ?
EPSS score ?
Summary
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16663",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16663"
},
{
"name": "18956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18956"
},
{
"name": "2006-0008",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0008"
},
{
"name": "[gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=gnupg-devel\u0026m=113999098729114\u0026w=2"
},
{
"name": "OpenPKG-SA-2006.001",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "SUSE-SR:2006:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "SUSE-SA:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "20060215 False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425289/100/0/threaded"
},
{
"name": "18934",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18934"
},
{
"name": "FEDORA-2006-116",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA-2006-116.shtml"
},
{
"name": "gnupg-gpgv-improper-verification(24744)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24744"
},
{
"name": "oval:org.mitre.oval:def:10084",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "18955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18955"
},
{
"name": "[gnupg-announce] 20060215 False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html"
},
{
"name": "SUSE-SA:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"name": "19130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19130"
},
{
"name": "GLSA-200602-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "18933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18933"
},
{
"name": "DSA-978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.us.debian.org/security/2006/dsa-978"
},
{
"name": "23221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23221"
},
{
"name": "USN-252-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-252-1"
},
{
"name": "18968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18968"
},
{
"name": "18845",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18845"
},
{
"name": "18942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18942"
},
{
"name": "MDKSA-2006:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:043"
},
{
"name": "ADV-2006-0610",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0610"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command \"gpg --verify\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "16663",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16663"
},
{
"name": "18956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18956"
},
{
"name": "2006-0008",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0008"
},
{
"name": "[gnupg-devel] 20060215 [Announce] False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=gnupg-devel\u0026m=113999098729114\u0026w=2"
},
{
"name": "OpenPKG-SA-2006.001",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.001-gnupg.html"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "SUSE-SR:2006:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "SUSE-SA:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "20060215 False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425289/100/0/threaded"
},
{
"name": "18934",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18934"
},
{
"name": "FEDORA-2006-116",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA-2006-116.shtml"
},
{
"name": "gnupg-gpgv-improper-verification(24744)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24744"
},
{
"name": "oval:org.mitre.oval:def:10084",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10084"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "18955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18955"
},
{
"name": "[gnupg-announce] 20060215 False positive signature verification in GnuPG",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html"
},
{
"name": "SUSE-SA:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"name": "19130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19130"
},
{
"name": "GLSA-200602-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "18933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18933"
},
{
"name": "DSA-978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.us.debian.org/security/2006/dsa-978"
},
{
"name": "23221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23221"
},
{
"name": "USN-252-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-252-1"
},
{
"name": "18968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18968"
},
{
"name": "18845",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18845"
},
{
"name": "18942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18942"
},
{
"name": "MDKSA-2006:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:043"
},
{
"name": "ADV-2006-0610",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0610"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-0455",
"datePublished": "2006-02-15T22:00:00",
"dateReserved": "2006-01-27T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0049
Vulnerability from cvelistv5
Published
2006-03-13 21:00
Modified
2024-08-07 16:18
Severity ?
EPSS score ?
Summary
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-264-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "USN-264-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-0049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-264-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.476477"
},
{
"name": "19173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"refsource": "SUSE",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-0049",
"datePublished": "2006-03-13T21:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T16:18:20.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0978
Vulnerability from cvelistv5
Published
2003-12-10 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.s-quadra.com/advisories/Adv-20031203.txt | x_refsource_MISC | |
| http://www.novell.com/linux/security/advisories/2003_048_gpg.html | vendor-advisory, x_refsource_SUSE | |
| http://marc.info/?l=bugtraq&m=107047470625214&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13892 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.s-quadra.com/advisories/Adv-20031203.txt"
},
{
"name": "SuSE-SA:2003:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107047470625214\u0026w=2"
},
{
"name": "gnupg-gpgkeyshkp-format-string(13892)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.s-quadra.com/advisories/Adv-20031203.txt"
},
{
"name": "SuSE-SA:2003:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107047470625214\u0026w=2"
},
{
"name": "gnupg-gpgkeyshkp-format-string(13892)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.s-quadra.com/advisories/Adv-20031203.txt",
"refsource": "MISC",
"url": "http://www.s-quadra.com/advisories/Adv-20031203.txt"
},
{
"name": "SuSE-SA:2003:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107047470625214\u0026w=2"
},
{
"name": "gnupg-gpgkeyshkp-format-string(13892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0978",
"datePublished": "2003-12-10T05:00:00",
"dateReserved": "2003-12-09T00:00:00",
"dateUpdated": "2024-08-08T02:12:35.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0071
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.debian.org/security/2000/20001225b | vendor-advisory, x_refsource_DEBIAN | |
| http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.securityfocus.com/bid/2141 | vdb-entry, x_refsource_BID | |
| http://www.redhat.com/support/errata/RHSA-2000-131.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5802 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/152197 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/1699 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:55.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2141"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-detached-sig-modify(5802)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1699",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1699"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2141"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-detached-sig-modify(5802)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1699",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1699"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2000:368",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2141"
},
{
"name": "RHSA-2000:131",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-detached-sig-modify(5802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1699",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1699"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0071",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-02-01T00:00:00",
"dateUpdated": "2024-08-08T04:06:55.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6235
Vulnerability from cvelistv5
Published
2006-12-07 11:00
Modified
2024-08-07 20:19
Severity ?
EPSS score ?
Summary
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017349",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017349"
},
{
"name": "23269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23269"
},
{
"name": "23303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23303"
},
{
"name": "20061206 rPSA-2006-0227-1 gnupg",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453723/100/0/threaded"
},
{
"name": "23255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23255"
},
{
"name": "USN-393-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-393-1"
},
{
"name": "23513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23513"
},
{
"name": "23284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23284"
},
{
"name": "USN-393-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-393-2"
},
{
"name": "23245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23245"
},
{
"name": "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html"
},
{
"name": "VU#427009",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/427009"
},
{
"name": "SUSE-SR:2006:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"name": "RHSA-2006:0754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html"
},
{
"name": "DSA-1231",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1231"
},
{
"name": "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453664/100/0/threaded"
},
{
"name": "23335",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23335"
},
{
"name": "23299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23299"
},
{
"name": "21462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21462"
},
{
"name": "2006-0070",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23329"
},
{
"name": "GLSA-200612-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-03.xml"
},
{
"name": "23259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23259"
},
{
"name": "MDKSA-2006:228",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228"
},
{
"name": "23290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-835"
},
{
"name": "SUSE-SA:2006:075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm"
},
{
"name": "ADV-2006-4881",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4881"
},
{
"name": "oval:org.mitre.oval:def:11245",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245"
},
{
"name": "23250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23250"
},
{
"name": "20061201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"name": "gnupg-openpgp-code-execution(30711)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711"
},
{
"name": "OpenPKG-SA-2006.037",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html"
},
{
"name": "24047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017349",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017349"
},
{
"name": "23269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23269"
},
{
"name": "23303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23303"
},
{
"name": "20061206 rPSA-2006-0227-1 gnupg",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453723/100/0/threaded"
},
{
"name": "23255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23255"
},
{
"name": "USN-393-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-393-1"
},
{
"name": "23513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23513"
},
{
"name": "23284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23284"
},
{
"name": "USN-393-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-393-2"
},
{
"name": "23245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23245"
},
{
"name": "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html"
},
{
"name": "VU#427009",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/427009"
},
{
"name": "SUSE-SR:2006:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"name": "RHSA-2006:0754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html"
},
{
"name": "DSA-1231",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1231"
},
{
"name": "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453664/100/0/threaded"
},
{
"name": "23335",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23335"
},
{
"name": "23299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23299"
},
{
"name": "21462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21462"
},
{
"name": "2006-0070",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23329"
},
{
"name": "GLSA-200612-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-03.xml"
},
{
"name": "23259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23259"
},
{
"name": "MDKSA-2006:228",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228"
},
{
"name": "23290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-835"
},
{
"name": "SUSE-SA:2006:075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm"
},
{
"name": "ADV-2006-4881",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4881"
},
{
"name": "oval:org.mitre.oval:def:11245",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245"
},
{
"name": "23250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23250"
},
{
"name": "20061201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"name": "gnupg-openpgp-code-execution(30711)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711"
},
{
"name": "OpenPKG-SA-2006.037",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html"
},
{
"name": "24047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24047"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017349",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017349"
},
{
"name": "23269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23269"
},
{
"name": "23303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23303"
},
{
"name": "20061206 rPSA-2006-0227-1 gnupg",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453723/100/0/threaded"
},
{
"name": "23255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23255"
},
{
"name": "USN-393-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-393-1"
},
{
"name": "23513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23513"
},
{
"name": "23284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23284"
},
{
"name": "USN-393-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-393-2"
},
{
"name": "23245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23245"
},
{
"name": "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html"
},
{
"name": "VU#427009",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/427009"
},
{
"name": "SUSE-SR:2006:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"name": "RHSA-2006:0754",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html"
},
{
"name": "DSA-1231",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1231"
},
{
"name": "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453664/100/0/threaded"
},
{
"name": "23335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23335"
},
{
"name": "23299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23299"
},
{
"name": "21462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21462"
},
{
"name": "2006-0070",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23329"
},
{
"name": "GLSA-200612-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200612-03.xml"
},
{
"name": "23259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23259"
},
{
"name": "MDKSA-2006:228",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228"
},
{
"name": "23290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23290"
},
{
"name": "https://issues.rpath.com/browse/RPL-835",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-835"
},
{
"name": "SUSE-SA:2006:075",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm"
},
{
"name": "ADV-2006-4881",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4881"
},
{
"name": "oval:org.mitre.oval:def:11245",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245"
},
{
"name": "23250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23250"
},
{
"name": "20061201-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"name": "gnupg-openpgp-code-execution(30711)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711"
},
{
"name": "OpenPKG-SA-2006.037",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html"
},
{
"name": "24047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24047"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6235",
"datePublished": "2006-12-07T11:00:00",
"dateReserved": "2006-12-02T00:00:00",
"dateUpdated": "2024-08-07T20:19:35.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0255
Vulnerability from cvelistv5
Published
2003-05-07 04:00
Modified
2024-08-08 01:50
Severity ?
EPSS score ?
Summary
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:46.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TLSA200334",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"name": "RHSA-2003:175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"name": "4947",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4947"
},
{
"name": "oval:org.mitre.oval:def:135",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
},
{
"name": "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105362224514081\u0026w=2"
},
{
"name": "7497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7497"
},
{
"name": "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105311804129104\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"name": "MDKSA-2003:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"name": "gnupg-invalid-key-acceptance(11930)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
},
{
"name": "CLA-2003:694",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000694"
},
{
"name": "RHSA-2003:176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"name": "20030515-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"name": "ESA-20030515-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105301357425157\u0026w=2"
},
{
"name": "VU#397604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/397604"
},
{
"name": "20030504 Key validity bug in GnuPG 1.2.1 and earlier",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105215110111174\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "TLSA200334",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"name": "RHSA-2003:175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"name": "4947",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4947"
},
{
"name": "oval:org.mitre.oval:def:135",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
},
{
"name": "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105362224514081\u0026w=2"
},
{
"name": "7497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7497"
},
{
"name": "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105311804129104\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"name": "MDKSA-2003:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"name": "gnupg-invalid-key-acceptance(11930)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
},
{
"name": "CLA-2003:694",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000694"
},
{
"name": "RHSA-2003:176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"name": "20030515-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"name": "ESA-20030515-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105301357425157\u0026w=2"
},
{
"name": "VU#397604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/397604"
},
{
"name": "20030504 Key validity bug in GnuPG 1.2.1 and earlier",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105215110111174\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TLSA200334",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"name": "RHSA-2003:175",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"name": "4947",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4947"
},
{
"name": "oval:org.mitre.oval:def:135",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
},
{
"name": "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105362224514081\u0026w=2"
},
{
"name": "7497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7497"
},
{
"name": "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105311804129104\u0026w=2"
},
{
"name": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html",
"refsource": "MISC",
"url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"name": "MDKSA-2003:061",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"name": "gnupg-invalid-key-acceptance(11930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
},
{
"name": "CLA-2003:694",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000694"
},
{
"name": "RHSA-2003:176",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"name": "20030515-016",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"name": "ESA-20030515-016",
"refsource": "ENGARDE",
"url": "http://marc.info/?l=bugtraq\u0026m=105301357425157\u0026w=2"
},
{
"name": "VU#397604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/397604"
},
{
"name": "20030504 Key validity bug in GnuPG 1.2.1 and earlier",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105215110111174\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0255",
"datePublished": "2003-05-07T04:00:00",
"dateReserved": "2003-05-06T00:00:00",
"dateUpdated": "2024-08-08T01:50:46.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0522
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"name": "gnupg-tty-format-string(6642)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"name": "VU#403051",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"name": "2797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2797"
},
{
"name": "CSSA-2001-020.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"name": "RHSA-2001:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"name": "DSA-061",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"name": "TLSA2001028",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"name": "CLA-2001:399",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"name": "1845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1845"
},
{
"name": "SuSE-SA:2001:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"name": "IMNX-2001-70-023-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"name": "MDKSA-2001:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-23T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"name": "gnupg-tty-format-string(6642)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"name": "VU#403051",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"name": "2797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2797"
},
{
"name": "CSSA-2001-020.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"name": "RHSA-2001:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"name": "DSA-061",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"name": "TLSA2001028",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"name": "CLA-2001:399",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"name": "1845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1845"
},
{
"name": "SuSE-SA:2001:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"name": "IMNX-2001-70-023-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"name": "MDKSA-2001:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"name": "gnupg-tty-format-string(6642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"name": "VU#403051",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"name": "2797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2797"
},
{
"name": "CSSA-2001-020.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"name": "RHSA-2001:073",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"name": "http://www.gnupg.org/whatsnew.html#rn20010529",
"refsource": "CONFIRM",
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"name": "DSA-061",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"name": "TLSA2001028",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"name": "CLA-2001:399",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"name": "1845",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1845"
},
{
"name": "SuSE-SA:2001:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"name": "IMNX-2001-70-023-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"name": "MDKSA-2001:053",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0522",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-06-18T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0971
Vulnerability from cvelistv5
Published
2003-12-02 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-395.html"
},
{
"name": "20040202-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name": "SuSE-SA:2003:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "VU#940388",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/940388"
},
{
"name": "10349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10349"
},
{
"name": "20031127 GnuPG\u0027s ElGamal signing keys compromised",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106995769213221\u0026w=2"
},
{
"name": "DSA-429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-429"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html"
},
{
"name": "9115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9115"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html"
},
{
"name": "RHSA-2003:390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-390.html"
},
{
"name": "oval:org.mitre.oval:def:10982",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982"
},
{
"name": "10399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10399"
},
{
"name": "10304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10304"
},
{
"name": "MDKSA-2003:109",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109"
},
{
"name": "CLA-2003:798",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000798"
},
{
"name": "10400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-395.html"
},
{
"name": "20040202-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name": "SuSE-SA:2003:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "VU#940388",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/940388"
},
{
"name": "10349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10349"
},
{
"name": "20031127 GnuPG\u0027s ElGamal signing keys compromised",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106995769213221\u0026w=2"
},
{
"name": "DSA-429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-429"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html"
},
{
"name": "9115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9115"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html"
},
{
"name": "RHSA-2003:390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-390.html"
},
{
"name": "oval:org.mitre.oval:def:10982",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982"
},
{
"name": "10399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10399"
},
{
"name": "10304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10304"
},
{
"name": "MDKSA-2003:109",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109"
},
{
"name": "CLA-2003:798",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000798"
},
{
"name": "10400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:395",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-395.html"
},
{
"name": "20040202-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name": "SuSE-SA:2003:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html"
},
{
"name": "VU#940388",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/940388"
},
{
"name": "10349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10349"
},
{
"name": "20031127 GnuPG\u0027s ElGamal signing keys compromised",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106995769213221\u0026w=2"
},
{
"name": "DSA-429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-429"
},
{
"name": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html",
"refsource": "CONFIRM",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html"
},
{
"name": "9115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9115"
},
{
"name": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html",
"refsource": "CONFIRM",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html"
},
{
"name": "RHSA-2003:390",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-390.html"
},
{
"name": "oval:org.mitre.oval:def:10982",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982"
},
{
"name": "10399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10399"
},
{
"name": "10304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10304"
},
{
"name": "MDKSA-2003:109",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109"
},
{
"name": "CLA-2003:798",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000798"
},
{
"name": "10400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0971",
"datePublished": "2003-12-02T05:00:00",
"dateReserved": "2003-12-01T00:00:00",
"dateUpdated": "2024-08-08T02:12:35.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0974
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:37
Severity ?
EPSS score ?
Summary
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.debian.org/security/2000/20001111 | vendor-advisory, x_refsource_DEBIAN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5386 | vdb-entry, x_refsource_XF | |
| http://www.redhat.com/support/errata/RHSA-2000-089.html | vendor-advisory, x_refsource_REDHAT | |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000334 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.securityfocus.com/bid/1797 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/1608 | vdb-entry, x_refsource_OSVDB | |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt | vendor-advisory, x_refsource_CALDERA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:32.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20001011 GPG 1.0.3 doesn\u0027t detect modifications to files with multiple signatures",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"name": "20001025 Immunix OS Security Update for gnupg package",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"name": "20001111 gnupg: incorrect signature verification",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001111"
},
{
"name": "gnupg-message-modify(5386)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"name": "RHSA-2000:089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"name": "FreeBSD-SA-00:67",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"name": "CLSA-2000:334",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"name": "1797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1797"
},
{
"name": "1608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1608"
},
{
"name": "CSSA-2000-038.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20001011 GPG 1.0.3 doesn\u0027t detect modifications to files with multiple signatures",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"name": "20001025 Immunix OS Security Update for gnupg package",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"name": "20001111 gnupg: incorrect signature verification",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001111"
},
{
"name": "gnupg-message-modify(5386)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"name": "RHSA-2000:089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"name": "FreeBSD-SA-00:67",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"name": "CLSA-2000:334",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"name": "1797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1797"
},
{
"name": "1608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1608"
},
{
"name": "CSSA-2000-038.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001011 GPG 1.0.3 doesn\u0027t detect modifications to files with multiple signatures",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"name": "20001025 Immunix OS Security Update for gnupg package",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"name": "20001111 gnupg: incorrect signature verification",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001111"
},
{
"name": "gnupg-message-modify(5386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"name": "RHSA-2000:089",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"name": "FreeBSD-SA-00:67",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"name": "CLSA-2000:334",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"name": "1797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1797"
},
{
"name": "1608",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1608"
},
{
"name": "CSSA-2000-038.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0974",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:32.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}