ID CVE-2001-0522
Summary Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:privacy_guard:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:privacy_guard:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:privacy_guard:8.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2001:073
refmap via4
bid 2797
bugtraq
  • 20010529 [synnergy] - GnuPG remote format string vulnerability
  • 20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)
caldera CSSA-2001-020.0
cert-vn VU#403051
conectiva CLA-2001:399
confirm http://www.gnupg.org/whatsnew.html#rn20010529
debian DSA-061
immunix IMNX-2001-70-023-01
mandrake MDKSA-2001:053
osvdb 1845
suse SuSE-SA:2001:020
turbo TLSA2001028
xf gnupg-tty-format-string(6642)
Last major update 03-05-2018 - 01:29
Published 14-08-2001 - 04:00
Last modified 03-05-2018 - 01:29
Back to Top