fkie_cve-2012-6085
Vulnerability from fkie_nvd
Published
2013-01-24 01:55
Modified
2025-04-11 00:51
Severity ?
Summary
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
References
secalert@redhat.comhttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-1459.html
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:001
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/01/01/6
secalert@redhat.comhttp://www.securityfocus.com/bid/57102
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1682-1
secalert@redhat.comhttps://bugs.g10code.com/gnupg/issue1455Exploit
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=891142
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80990
af854a3a-2127-422b-91ae-364da2661108http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1459.html
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:001
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/01/01/6
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/57102
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1682-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.g10code.com/gnupg/issue1455Exploit
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=891142
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80990
Impacted products
Vendor Product Version
gnupg gnupg 1.4.0
gnupg gnupg 1.4.2
gnupg gnupg 1.4.3
gnupg gnupg 1.4.4
gnupg gnupg 1.4.5
gnupg gnupg 1.4.8
gnupg gnupg 1.4.10
gnupg gnupg 1.4.11
gnupg gnupg 1.4.12
gnupg gnupg 2.0
gnupg gnupg 2.0.1
gnupg gnupg 2.0.3
gnupg gnupg 2.0.4
gnupg gnupg 2.0.5
gnupg gnupg 2.0.6
gnupg gnupg 2.0.7
gnupg gnupg 2.0.8
gnupg gnupg 2.0.10
gnupg gnupg 2.0.11
gnupg gnupg 2.0.12
gnupg gnupg 2.0.13
gnupg gnupg 2.0.14
gnupg gnupg 2.0.15
gnupg gnupg 2.0.16
gnupg gnupg 2.0.17
gnupg gnupg 2.0.18
gnupg gnupg 2.0.19


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28374619-966D-4F38-B83E-A6296F27CC05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A28CDF-F2AF-4D49-9FB1-AED34A758289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6399A22D-90DF-4CB5-9367-0C5242BD1A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63B0B4A-3998-4A4F-AD7A-BB8CEBE897B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDA6934A-3D02-4749-A147-BE538C0AF27F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6150E3-1D7C-44DA-BA57-35AB26F881B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB20A34-5E11-4D70-B3DE-66DD9863AE0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA47467D-3D96-46DB-B0AC-D28586829710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B68F2F-0718-4C87-9629-4657DC49EECC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C64072-FC9C-4CA9-9752-3BC08839E319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C14D838-595F-4D1C-88B9-073937316923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF8F2C7-574C-4768-ABAA-E3D9236299CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "113D566B-B596-4612-9D11-E238602A603E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CFC52C5-1148-4AC6-AAA2-8343E0C2029E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E370B-4D2E-4EEC-A3EB-47AA9283278D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E3C52E7-454B-4FE9-9068-87ACB2925A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B62D8E-3A37-4D7A-B674-06FFD80B86FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D27E52-B850-4BC0-B81A-A031BC50514B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0035132-40B2-4C7E-B6E3-F70117F3FC3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2D7B2D-CEBC-42BA-90E0-5C71BA39F5BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0626EEB2-39B3-4154-9F99-027057B33D1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "752E350F-E1EB-47CE-95E7-F990F4453BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F223B411-B9A6-49D4-A9BA-4FBF74B85A0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9C4712-169A-4010-B143-98690803E5BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E76177-9B90-40F2-AB9D-7C7249DEC497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A384E132-188E-40AC-84C9-D46A589EE766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "27BE1F8C-EE11-4E9B-9745-037F3AC7CC63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n \"read_block\" en g10/import.c en GnuPG v1.4.x anterior a v1.4.13 y v2.0.x a la v2.0.19, cuando se importa una clave, permite a atacantes remotos corromper la base de datos del anillo de claves publicas (ca\u00edda de la aplicaci\u00f3n) o causar una denegaci\u00f3n de servicio a trav\u00e9s de la modificaci\u00f3n de a longitud de campo de un paquete OpenPGP."
    }
  ],
  "id": "CVE-2012-6085",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-01-24T01:55:03.740",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:001"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/01/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/57102"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1682-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.g10code.com/gnupg/issue1455"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891142"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095513.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095516.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/01/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/57102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1682-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.g10code.com/gnupg/issue1455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80990"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.