Search CVE reports
1 – 10 of 23 results
CVE-2022-3219
Low priority
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
2 affected packages
gnupg, gnupg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | Not in release | Not in release | Not in release | Vulnerable |
gnupg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2022-34903
Medium priority
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
2 affected packages
gnupg, gnupg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | Not in release | Not in release | Not in release | Fixed |
gnupg2 | — | Fixed | Fixed | Fixed | Fixed |
CVE-2020-25125
Medium priority
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow...
1 affected package
gnupg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg2 | — | — | Not affected | Not affected | Not affected |
CVE-2019-14855
Low priority
Some fixes available 1 of 19
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
3 affected packages
gnupg, gnupg1, gnupg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | Not in release | Not in release | Not in release | Not in release | Vulnerable |
gnupg1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
gnupg2 | Not affected | Not affected | Not affected | Fixed | Ignored |
CVE-2019-13050
Low priority
Some fixes available 1 of 12
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network....
3 affected packages
gnupg, gnupg2, sks
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | Not in release | Not in release | Not in release | Not in release | Vulnerable |
gnupg2 | Not affected | Not affected | Not affected | Fixed | Ignored |
sks | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |
CVE-2018-1000858
Medium priority
GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appears to be exploitable via Victim must...
1 affected package
gnupg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg2 | — | — | — | Fixed | Not affected |
CVE-2018-12020
Medium priority
Some fixes available 23 of 40
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the...
5 affected packages
enigmail, gnupg, gnupg1, gnupg2, python-gnupg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
enigmail | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
gnupg | Not in release | Not in release | Not in release | Not in release | Fixed |
gnupg1 | Not affected | Not affected | Not affected | Vulnerable | Not in release |
gnupg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
python-gnupg | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2018-9234
Low priority
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
2 affected packages
gnupg, gnupg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | Not in release | Not affected |
gnupg2 | — | — | — | Fixed | Not affected |
CVE-2016-6313
High priority
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by...
4 affected packages
gnupg, gnupg2, libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | Not in release | Fixed |
gnupg2 | — | — | — | Not affected | Not affected |
libgcrypt11 | — | — | — | Not in release | Not in release |
libgcrypt20 | — | — | — | Fixed | Fixed |
CVE-2015-1607
Low priority
Some fixes available 7 of 8
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a...
2 affected packages
gnupg, gnupg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | — | — |
gnupg2 | — | — | — | — | — |