FKIE_CVE-2012-6085

Vulnerability from fkie_nvd - Published: 2013-01-24 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
References
secalert@redhat.comhttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-1459.html
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:001
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/01/01/6
secalert@redhat.comhttp://www.securityfocus.com/bid/57102
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1682-1
secalert@redhat.comhttps://bugs.g10code.com/gnupg/issue1455Exploit
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=891142
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80990
af854a3a-2127-422b-91ae-364da2661108http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1459.html
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:001
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/01/01/6
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/57102
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1682-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.g10code.com/gnupg/issue1455Exploit
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=891142
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80990
Impacted products
Vendor Product Version
gnupg gnupg 1.4.0
gnupg gnupg 1.4.2
gnupg gnupg 1.4.3
gnupg gnupg 1.4.4
gnupg gnupg 1.4.5
gnupg gnupg 1.4.8
gnupg gnupg 1.4.10
gnupg gnupg 1.4.11
gnupg gnupg 1.4.12
gnupg gnupg 2.0
gnupg gnupg 2.0.1
gnupg gnupg 2.0.3
gnupg gnupg 2.0.4
gnupg gnupg 2.0.5
gnupg gnupg 2.0.6
gnupg gnupg 2.0.7
gnupg gnupg 2.0.8
gnupg gnupg 2.0.10
gnupg gnupg 2.0.11
gnupg gnupg 2.0.12
gnupg gnupg 2.0.13
gnupg gnupg 2.0.14
gnupg gnupg 2.0.15
gnupg gnupg 2.0.16
gnupg gnupg 2.0.17
gnupg gnupg 2.0.18
gnupg gnupg 2.0.19
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28374619-966D-4F38-B83E-A6296F27CC05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A28CDF-F2AF-4D49-9FB1-AED34A758289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6399A22D-90DF-4CB5-9367-0C5242BD1A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63B0B4A-3998-4A4F-AD7A-BB8CEBE897B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDA6934A-3D02-4749-A147-BE538C0AF27F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6150E3-1D7C-44DA-BA57-35AB26F881B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB20A34-5E11-4D70-B3DE-66DD9863AE0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA47467D-3D96-46DB-B0AC-D28586829710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B68F2F-0718-4C87-9629-4657DC49EECC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C64072-FC9C-4CA9-9752-3BC08839E319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C14D838-595F-4D1C-88B9-073937316923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF8F2C7-574C-4768-ABAA-E3D9236299CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "113D566B-B596-4612-9D11-E238602A603E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CFC52C5-1148-4AC6-AAA2-8343E0C2029E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E370B-4D2E-4EEC-A3EB-47AA9283278D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E3C52E7-454B-4FE9-9068-87ACB2925A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B62D8E-3A37-4D7A-B674-06FFD80B86FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D27E52-B850-4BC0-B81A-A031BC50514B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0035132-40B2-4C7E-B6E3-F70117F3FC3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2D7B2D-CEBC-42BA-90E0-5C71BA39F5BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0626EEB2-39B3-4154-9F99-027057B33D1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "752E350F-E1EB-47CE-95E7-F990F4453BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F223B411-B9A6-49D4-A9BA-4FBF74B85A0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9C4712-169A-4010-B143-98690803E5BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E76177-9B90-40F2-AB9D-7C7249DEC497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A384E132-188E-40AC-84C9-D46A589EE766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "27BE1F8C-EE11-4E9B-9745-037F3AC7CC63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n \"read_block\" en g10/import.c en GnuPG v1.4.x anterior a v1.4.13 y v2.0.x a la v2.0.19, cuando se importa una clave, permite a atacantes remotos corromper la base de datos del anillo de claves publicas (ca\u00edda de la aplicaci\u00f3n) o causar una denegaci\u00f3n de servicio a trav\u00e9s de la modificaci\u00f3n de a longitud de campo de un paquete OpenPGP."
    }
  ],
  "id": "CVE-2012-6085",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-01-24T01:55:03.740",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:001"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/01/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/57102"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1682-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.g10code.com/gnupg/issue1455"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891142"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/01/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/57102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1682-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.g10code.com/gnupg/issue1455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80990"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.