Vulnerabilities related to gpg4win - gpg4win
cve-2009-3805
Vulnerability from cvelistv5
Published
2009-10-27 16:00
Modified
2024-08-07 06:38
Severity ?
Summary
gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T06:38:30.313Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.packetstormsecurity.com/0910-exploits/gpg2kleo-dos.txt",
               },
               {
                  name: "36781",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/36781",
               },
               {
                  name: "gpg4win-gpg2-dos(53908)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/53908",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-10-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.packetstormsecurity.com/0910-exploits/gpg2kleo-dos.txt",
            },
            {
               name: "36781",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/36781",
            },
            {
               name: "gpg4win-gpg2-dos(53908)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/53908",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-3805",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.packetstormsecurity.com/0910-exploits/gpg2kleo-dos.txt",
                     refsource: "MISC",
                     url: "http://www.packetstormsecurity.com/0910-exploits/gpg2kleo-dos.txt",
                  },
                  {
                     name: "36781",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/36781",
                  },
                  {
                     name: "gpg4win-gpg2-dos(53908)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/53908",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-3805",
      datePublished: "2009-10-27T16:00:00",
      dateReserved: "2009-10-27T00:00:00",
      dateUpdated: "2024-08-07T06:38:30.313Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2006-6235
Vulnerability from cvelistv5
Published
2006-12-07 11:00
Modified
2024-08-07 20:19
Severity ?
Summary
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
References
http://securitytracker.com/id?1017349 (vdb-entry, x_refsource_SECTRACK)
http://secunia.com/advisories/23269 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/23303 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/archive/1/453723/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://secunia.com/advisories/23255 (third-party-advisory, x_refsource_SECUNIA)
http://www.ubuntu.com/usn/usn-393-1 (vendor-advisory, x_refsource_UBUNTU)
http://secunia.com/advisories/23513 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/23284 (third-party-advisory, x_refsource_SECUNIA)
http://www.ubuntu.com/usn/usn-393-2 (vendor-advisory, x_refsource_UBUNTU)
http://secunia.com/advisories/23245 (third-party-advisory, x_refsource_SECUNIA)
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html (mailing-list, x_refsource_MLIST)
http://www.kb.cert.org/vuls/id/427009 (third-party-advisory, x_refsource_CERT-VN)
http://www.novell.com/linux/security/advisories/2006_28_sr.html (vendor-advisory, x_refsource_SUSE)
http://www.redhat.com/support/errata/RHSA-2006-0754.html (vendor-advisory, x_refsource_REDHAT)
http://www.debian.org/security/2006/dsa-1231 (vendor-advisory, x_refsource_DEBIAN)
http://www.securityfocus.com/archive/1/453664/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://secunia.com/advisories/23335 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/23299 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/21462 (vdb-entry, x_refsource_BID)
http://www.trustix.org/errata/2006/0070 (vendor-advisory, x_refsource_TRUSTIX)
http://secunia.com/advisories/23329 (third-party-advisory, x_refsource_SECUNIA)
http://security.gentoo.org/glsa/glsa-200612-03.xml (vendor-advisory, x_refsource_GENTOO)
http://secunia.com/advisories/23259 (third-party-advisory, x_refsource_SECUNIA)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:228 (vendor-advisory, x_refsource_MANDRIVA)
http://secunia.com/advisories/23290 (third-party-advisory, x_refsource_SECUNIA)
https://issues.rpath.com/browse/RPL-835 (x_refsource_CONFIRM)
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html (vendor-advisory, x_refsource_SUSE)
http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm (x_refsource_CONFIRM)
http://www.vupen.com/english/advisories/2006/4881 (vdb-entry, x_refsource_VUPEN)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245 (vdb-entry, signature, x_refsource_OVAL)
http://secunia.com/advisories/23250 (third-party-advisory, x_refsource_SECUNIA)
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc (vendor-advisory, x_refsource_SGI)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30711 (vdb-entry, x_refsource_XF)
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html (vendor-advisory, x_refsource_OPENPKG)
http://secunia.com/advisories/24047 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T20:19:35.196Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1017349",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1017349",
               },
               {
                  name: "23269",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23269",
               },
               {
                  name: "23303",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23303",
               },
               {
                  name: "20061206 rPSA-2006-0227-1 gnupg",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/453723/100/0/threaded",
               },
               {
                  name: "23255",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23255",
               },
               {
                  name: "USN-393-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-393-1",
               },
               {
                  name: "23513",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23513",
               },
               {
                  name: "23284",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23284",
               },
               {
                  name: "USN-393-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-393-2",
               },
               {
                  name: "23245",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23245",
               },
               {
                  name: "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html",
               },
               {
                  name: "VU#427009",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/427009",
               },
               {
                  name: "SUSE-SR:2006:028",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_28_sr.html",
               },
               {
                  name: "RHSA-2006:0754",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2006-0754.html",
               },
               {
                  name: "DSA-1231",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2006/dsa-1231",
               },
               {
                  name: "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/453664/100/0/threaded",
               },
               {
                  name: "23335",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23335",
               },
               {
                  name: "23299",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23299",
               },
               {
                  name: "21462",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/21462",
               },
               {
                  name: "2006-0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_TRUSTIX",
                     "x_transferred",
                  ],
                  url: "http://www.trustix.org/errata/2006/0070",
               },
               {
                  name: "23329",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23329",
               },
               {
                  name: "GLSA-200612-03",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200612-03.xml",
               },
               {
                  name: "23259",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23259",
               },
               {
                  name: "MDKSA-2006:228",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228",
               },
               {
                  name: "23290",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23290",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.rpath.com/browse/RPL-835",
               },
               {
                  name: "SUSE-SA:2006:075",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm",
               },
               {
                  name: "ADV-2006-4881",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/4881",
               },
               {
                  name: "oval:org.mitre.oval:def:11245",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245",
               },
               {
                  name: "23250",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23250",
               },
               {
                  name: "20061201-01-P",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc",
               },
               {
                  name: "gnupg-openpgp-code-execution(30711)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711",
               },
               {
                  name: "OpenPKG-SA-2006.037",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_OPENPKG",
                     "x_transferred",
                  ],
                  url: "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html",
               },
               {
                  name: "24047",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24047",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2006-12-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-17T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1017349",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1017349",
            },
            {
               name: "23269",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23269",
            },
            {
               name: "23303",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23303",
            },
            {
               name: "20061206 rPSA-2006-0227-1 gnupg",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/453723/100/0/threaded",
            },
            {
               name: "23255",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23255",
            },
            {
               name: "USN-393-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-393-1",
            },
            {
               name: "23513",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23513",
            },
            {
               name: "23284",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23284",
            },
            {
               name: "USN-393-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-393-2",
            },
            {
               name: "23245",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23245",
            },
            {
               name: "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html",
            },
            {
               name: "VU#427009",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/427009",
            },
            {
               name: "SUSE-SR:2006:028",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_28_sr.html",
            },
            {
               name: "RHSA-2006:0754",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2006-0754.html",
            },
            {
               name: "DSA-1231",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2006/dsa-1231",
            },
            {
               name: "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/453664/100/0/threaded",
            },
            {
               name: "23335",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23335",
            },
            {
               name: "23299",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23299",
            },
            {
               name: "21462",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/21462",
            },
            {
               name: "2006-0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
               ],
               url: "http://www.trustix.org/errata/2006/0070",
            },
            {
               name: "23329",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23329",
            },
            {
               name: "GLSA-200612-03",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200612-03.xml",
            },
            {
               name: "23259",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23259",
            },
            {
               name: "MDKSA-2006:228",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228",
            },
            {
               name: "23290",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23290",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.rpath.com/browse/RPL-835",
            },
            {
               name: "SUSE-SA:2006:075",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm",
            },
            {
               name: "ADV-2006-4881",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/4881",
            },
            {
               name: "oval:org.mitre.oval:def:11245",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245",
            },
            {
               name: "23250",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23250",
            },
            {
               name: "20061201-01-P",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc",
            },
            {
               name: "gnupg-openpgp-code-execution(30711)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711",
            },
            {
               name: "OpenPKG-SA-2006.037",
               tags: [
                  "vendor-advisory",
                  "x_refsource_OPENPKG",
               ],
               url: "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html",
            },
            {
               name: "24047",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24047",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2006-6235",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1017349",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1017349",
                  },
                  {
                     name: "23269",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23269",
                  },
                  {
                     name: "23303",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23303",
                  },
                  {
                     name: "20061206 rPSA-2006-0227-1 gnupg",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/453723/100/0/threaded",
                  },
                  {
                     name: "23255",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23255",
                  },
                  {
                     name: "USN-393-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-393-1",
                  },
                  {
                     name: "23513",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23513",
                  },
                  {
                     name: "23284",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23284",
                  },
                  {
                     name: "USN-393-2",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-393-2",
                  },
                  {
                     name: "23245",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23245",
                  },
                  {
                     name: "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]",
                     refsource: "MLIST",
                     url: "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html",
                  },
                  {
                     name: "VU#427009",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/427009",
                  },
                  {
                     name: "SUSE-SR:2006:028",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2006_28_sr.html",
                  },
                  {
                     name: "RHSA-2006:0754",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2006-0754.html",
                  },
                  {
                     name: "DSA-1231",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2006/dsa-1231",
                  },
                  {
                     name: "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/453664/100/0/threaded",
                  },
                  {
                     name: "23335",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23335",
                  },
                  {
                     name: "23299",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23299",
                  },
                  {
                     name: "21462",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/21462",
                  },
                  {
                     name: "2006-0070",
                     refsource: "TRUSTIX",
                     url: "http://www.trustix.org/errata/2006/0070",
                  },
                  {
                     name: "23329",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23329",
                  },
                  {
                     name: "GLSA-200612-03",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200612-03.xml",
                  },
                  {
                     name: "23259",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23259",
                  },
                  {
                     name: "MDKSA-2006:228",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228",
                  },
                  {
                     name: "23290",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23290",
                  },
                  {
                     name: "https://issues.rpath.com/browse/RPL-835",
                     refsource: "CONFIRM",
                     url: "https://issues.rpath.com/browse/RPL-835",
                  },
                  {
                     name: "SUSE-SA:2006:075",
                     refsource: "SUSE",
                     url: "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html",
                  },
                  {
                     name: "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm",
                     refsource: "CONFIRM",
                     url: "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm",
                  },
                  {
                     name: "ADV-2006-4881",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2006/4881",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11245",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245",
                  },
                  {
                     name: "23250",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/23250",
                  },
                  {
                     name: "20061201-01-P",
                     refsource: "SGI",
                     url: "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc",
                  },
                  {
                     name: "gnupg-openpgp-code-execution(30711)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711",
                  },
                  {
                     name: "OpenPKG-SA-2006.037",
                     refsource: "OPENPKG",
                     url: "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html",
                  },
                  {
                     name: "24047",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/24047",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2006-6235",
      datePublished: "2006-12-07T11:00:00",
      dateReserved: "2006-12-02T00:00:00",
      dateUpdated: "2024-08-07T20:19:35.196Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3515
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-03 01:14
Severity ?
Summary
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
Impacted products
Vendor Product Version
n/a libksba Version: Fixed in libksba v1.6.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:14:02.956Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135610",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2022-3515",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230706-0008/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "libksba",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in libksba v1.6.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190 - Integer Overflow or Wraparound",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-06T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135610",
            },
            {
               url: "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html",
            },
            {
               url: "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b",
            },
            {
               url: "https://access.redhat.com/security/cve/CVE-2022-3515",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230706-0008/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2022-3515",
      datePublished: "2023-01-12T00:00:00",
      dateReserved: "2022-10-14T00:00:00",
      dateUpdated: "2024-08-03T01:14:02.956Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-25125
Vulnerability from cvelistv5
Published
2020-09-03 17:48
Modified
2024-08-04 15:26
Severity ?
Summary
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:26:09.468Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://dev.gnupg.org/T5050",
               },
               {
                  name: "[oss-security] 20200903 GNUPG released with AEAD sec fix CVE-2020-25125",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2020/09/03/4",
               },
               {
                  name: "[oss-security] 20200903 CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2020/09/03/5",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-03T20:06:17",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://dev.gnupg.org/T5050",
            },
            {
               name: "[oss-security] 20200903 GNUPG released with AEAD sec fix CVE-2020-25125",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2020/09/03/4",
            },
            {
               name: "[oss-security] 20200903 CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2020/09/03/5",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-25125",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034",
                     refsource: "MISC",
                     url: "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034",
                  },
                  {
                     name: "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc",
                     refsource: "MISC",
                     url: "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc",
                  },
                  {
                     name: "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html",
                     refsource: "MISC",
                     url: "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html",
                  },
                  {
                     name: "https://dev.gnupg.org/T5050",
                     refsource: "MISC",
                     url: "https://dev.gnupg.org/T5050",
                  },
                  {
                     name: "[oss-security] 20200903 GNUPG released with AEAD sec fix CVE-2020-25125",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2020/09/03/4",
                  },
                  {
                     name: "[oss-security] 20200903 CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2020/09/03/5",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-25125",
      datePublished: "2020-09-03T17:48:07",
      dateReserved: "2020-09-03T00:00:00",
      dateUpdated: "2024-08-04T15:26:09.468Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2009-10-27 16:30
Modified
2024-11-21 01:08
Severity ?
Summary
gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.
Impacted products
Vendor Product Version
kde-apps kleopatra 2.0.11
gpg4win gpg4win 2.0.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:kde-apps:kleopatra:2.0.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "528A6E9B-F2DC-46CE-9B02-7EBE9BE4E6CA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gpg4win:gpg4win:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "320392D3-2B1B-4EA2-B779-AA0FCBE0D6ED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.",
      },
      {
         lang: "es",
         value: "gpg2.exe en Gpg4win v2.0.1, como el usado en KDE Kleopatra v2.0.11, permite a atacantes remotos causar una denegación de servicio (caída de programa) a través de una firma certificada larga.",
      },
   ],
   id: "CVE-2009-3805",
   lastModified: "2024-11-21T01:08:13.137",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2009-10-27T16:30:00.407",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.packetstormsecurity.com/0910-exploits/gpg2kleo-dos.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/36781",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/53908",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.packetstormsecurity.com/0910-exploits/gpg2kleo-dos.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/36781",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/53908",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2006-12-07 11:28
Modified
2024-11-21 00:22
Severity ?
Summary
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
References
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
cve@mitre.org http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
cve@mitre.org http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
cve@mitre.org http://secunia.com/advisories/23245 Patch, Vendor Advisory
cve@mitre.org http://secunia.com/advisories/23250 Patch, Vendor Advisory
cve@mitre.org http://secunia.com/advisories/23255 Patch, Vendor Advisory
cve@mitre.org http://secunia.com/advisories/23259
cve@mitre.org http://secunia.com/advisories/23269 Patch, Vendor Advisory
cve@mitre.org http://secunia.com/advisories/23284
cve@mitre.org http://secunia.com/advisories/23290
cve@mitre.org http://secunia.com/advisories/23299
cve@mitre.org http://secunia.com/advisories/23303
cve@mitre.org http://secunia.com/advisories/23329
cve@mitre.org http://secunia.com/advisories/23335
cve@mitre.org http://secunia.com/advisories/23513
cve@mitre.org http://secunia.com/advisories/24047
cve@mitre.org http://security.gentoo.org/glsa/glsa-200612-03.xml
cve@mitre.org http://securitytracker.com/id?1017349
cve@mitre.org http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
cve@mitre.org http://www.debian.org/security/2006/dsa-1231
cve@mitre.org http://www.kb.cert.org/vuls/id/427009 US Government Resource
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2006:228
cve@mitre.org http://www.novell.com/linux/security/advisories/2006_28_sr.html
cve@mitre.org http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2006-0754.html Vendor Advisory
cve@mitre.org http://www.securityfocus.com/archive/1/453664/100/0/threaded
cve@mitre.org http://www.securityfocus.com/archive/1/453723/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/21462 Vendor Advisory
cve@mitre.org http://www.trustix.org/errata/2006/0070
cve@mitre.org http://www.ubuntu.com/usn/usn-393-1 Patch
cve@mitre.org http://www.ubuntu.com/usn/usn-393-2
cve@mitre.org http://www.vupen.com/english/advisories/2006/4881
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/30711
cve@mitre.org https://issues.rpath.com/browse/RPL-835
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23245 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23250 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23255 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23259
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23269 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23284
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23290
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23299
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23303
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23329
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23335
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23513
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24047
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200612-03.xml
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1017349
af854a3a-2127-422b-91ae-364da2661108 http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2006/dsa-1231
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/427009 US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2006:228
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2006_28_sr.html
af854a3a-2127-422b-91ae-364da2661108 http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2006-0754.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/453664/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/453723/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/21462 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.trustix.org/errata/2006/0070
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-393-1 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-393-2
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2006/4881
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/30711
af854a3a-2127-422b-91ae-364da2661108 https://issues.rpath.com/browse/RPL-835
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "76CAFD24-E53F-488C-BD9F-BE31D30828AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5D3628A-3BDD-4C6F-AE7D-C81FC3EE1630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "74589745-A9A6-44DB-B4F0-B61B663ECA21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB2B99CB-5950-42E7-ACD5-38457CBE9095",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81AF47A-56BA-4D90-A4D4-D7A37333A117",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E55DBB73-EF6C-4C46-9E5A-7C35D7FD190C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "205C014A-236B-44CF-A92D-B4D6392FF9A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F412ECF0-DA84-47B8-98FD-06019C9E63E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE04D970-A467-4648-B99C-895BA8BEE79B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C79DC753-35CB-46FA-BDE4-650BD1730505",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F54DA969-ABAA-4021-9EC3-C30A45D1A7ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1B68B13-DC1F-46AB-B360-D04E48A0939F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE65D839-7798-4DE4-AA89-765E91FC6A42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B256D201-D3E1-472F-8B4F-8D6D5D763003",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.9.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C1151E8-E9D3-4244-9765-B06D07848AFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.9.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "345FBFB9-7FA3-4F7D-B605-A38054744F4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:1.9.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "859126BF-7327-4C54-AE2E-4A961911C937",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7461ED0D-1DC2-4019-BEC0-2E9AF2724371",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:privacy_guard:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C3FA38E-5BF1-4CDA-AB4F-19150FD3EE10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gpg4win:gpg4win:1.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "047F3D25-1795-494A-93AC-9AF80AC72680",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*",
                     matchCriteriaId: "F9440B25-D206-4914-9557-B5F030890DEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "E9933557-3BCA-4D92-AD4F-27758A0D3347",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*",
                     matchCriteriaId: "10A60552-15A5-4E95-B3CE-99A4B26260C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA3B94B6-A5E4-4432-802E-BFAD7F3B5B4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:fedora_core:core6:*:*:*:*:*:*:*",
                     matchCriteriaId: "E007512B-2A01-4915-82D1-EDDEE8ED3190",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
                     matchCriteriaId: "777F9EC0-2919-45CA-BFF8-78A02537C513",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2B66383-4124-4579-BC8E-36DBE7ABB543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "74022B69-6557-4746-9080-24E4DDA44026",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADE3B4BE-7B43-47C7-823A-C019DF12498F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD9460AD-229A-4DC2-BFBA-818640A464AD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de \"escritura en pila\" en GnuPG (gpg) 1.x anterior a la 1.4.6, 2.x anterior a la 2.0.2 y 1.9.0 hasta la 1.9.95 permite a atacantes ejecutar código de su elección mediante paquetes OpenPGP artesanales que provocan que GnuPG haga referencia a un puntero a función que está en memoria (en la pila) que ya ha sido liberada.",
      },
   ],
   id: "CVE-2006-6235",
   lastModified: "2024-11-21T00:22:13.590",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2006-12-07T11:28:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23245",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23250",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23255",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/23259",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23269",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/23284",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/23290",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/23299",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/23303",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/23329",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/23335",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/23513",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/24047",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200612-03.xml",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1017349",
      },
      {
         source: "cve@mitre.org",
         url: "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2006/dsa-1231",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/427009",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2006_28_sr.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2006-0754.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/453664/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/453723/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/21462",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.trustix.org/errata/2006/0070",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.ubuntu.com/usn/usn-393-1",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/usn-393-2",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2006/4881",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711",
      },
      {
         source: "cve@mitre.org",
         url: "https://issues.rpath.com/browse/RPL-835",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23245",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23250",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23255",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/23259",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23269",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/23284",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/23290",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/23299",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/23303",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/23329",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/23335",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/23513",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/24047",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200612-03.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1017349",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2006/dsa-1231",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/427009",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_28_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2006-0754.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/453664/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/453723/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/21462",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.trustix.org/errata/2006/0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.ubuntu.com/usn/usn-393-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-393-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2006/4881",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://issues.rpath.com/browse/RPL-835",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vendorComments: [
      {
         comment: "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
         lastModified: "2007-03-14T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-03 18:15
Modified
2024-11-21 05:17
Summary
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.
Impacted products
Vendor Product Version
gnupg gnupg 2.2.21
gnupg gnupg 2.2.22
gpg4win gpg4win 3.1.12



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnupg:gnupg:2.2.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "36CA3361-1B43-4A9B-A941-01D6EEEDCEEA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnupg:gnupg:2.2.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "74C78597-A629-4D17-A788-2388854223FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gpg4win:gpg4win:3.1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CF58960-B2B6-4A6A-8595-831786580911",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.",
      },
      {
         lang: "es",
         value: "GnuPG versiones 2.2.21 y 2.2.22 (y Gpg4win versión 3.1.12), presenta un desbordamiento de la matriz, conllevando a un bloqueo o posiblemente otro impacto no especificado, cuando una víctima importa la clave OpenPGP de un atacante, y esta clave contiene preferencias AEAD. El desbordamiento es causado por un error en el archivo g10/key-check.c. NOTA: GnuPG versión 2.3.x, no está afectado. GnuPG versión 2.2.23 es una versión corregida",
      },
   ],
   id: "CVE-2020-25125",
   lastModified: "2024-11-21T05:17:24.637",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-03T18:15:15.160",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2020/09/03/4",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2020/09/03/5",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://dev.gnupg.org/T5050",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2020/09/03/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2020/09/03/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://dev.gnupg.org/T5050",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-12 15:15
Modified
2024-11-21 07:19
Severity: CRITICAL (CVSS v3.1 base score 9.8, source nvd@nist.gov)
Summary
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
Impacted products
Vendor Product Version
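gnupg libksba * (< 1.6.3)
gpg4win gpg4win * (>= 2.0.0, < 4.1.0)
gnupg vs-desktop * (>= 3.1.16, < 3.1.26)
gnupg gnupg * (LTS edition, >= 2.1.0, < 2.2.41)
gnupg gnupg * (>= 2.3.0, < 2.4.0)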



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnupg:libksba:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "05058020-26A0-4F46-9F30-F1CEF4AC330C",
                     versionEndExcluding: "1.6.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gpg4win:gpg4win:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAB814C2-FA25-47AD-A418-2A47CC58CBE8",
                     versionEndExcluding: "4.1.0",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnupg:vs-desktop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "63B1EC90-FBD7-48D7-8EE8-86D831CE94F6",
                     versionEndExcluding: "3.1.26",
                     versionStartIncluding: "3.1.16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnupg:gnupg:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "87E3E8C5-03AE-46A0-B0DA-4E9C3BFA3E44",
                     versionEndExcluding: "2.2.41",
                     versionStartIncluding: "2.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnupg:gnupg:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "F52C07A1-3B7F-4A65-B03D-E8BDFF469B0C",
                     versionEndExcluding: "2.4.0",
                     versionStartIncluding: "2.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad en la librería Libksba debido a un desbordamiento de enteros dentro del analizador CRL. La vulnerabilidad se puede explotar de forma remota para la ejecución de código en el sistema de destino pasando datos especialmente manipulados a la aplicación, por ejemplo, un archivo adjunto S/MIME malicioso.",
      },
   ],
   id: "CVE-2022-3515",
   lastModified: "2024-11-21T07:19:41.320",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-12T15:15:10.187",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2022-3515",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135610",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b",
      },
      {
         source: "secalert@redhat.com",
         url: "https://security.netapp.com/advisory/ntap-20230706-0008/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2022-3515",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135610",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20230706-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}