Search CVE reports


1 – 10 of 23 results


CVE-2022-3219

Low priority
Vulnerable

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

2 affected packages

gnupg, gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg Not in release Not in release Not in release Vulnerable
gnupg2 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable

CVE-2022-34903

Medium priority
Fixed

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

2 affected packages

gnupg, gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg Not in release Not in release Not in release Fixed
gnupg2 Fixed Fixed Fixed Fixed

CVE-2020-25125

Medium priority
Not affected

GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) have an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow...

1 affected package

gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg2 Not affected Not affected Not affected

CVE-2019-14855

Low priority

Some fixes available 1 of 19

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

3 affected packages

gnupg, gnupg1, gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg Not in release Not in release Not in release Not in release Vulnerable
gnupg1 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
gnupg2 Not affected Not affected Not affected Fixed Ignored

CVE-2019-13050

Low priority

Some fixes available 1 of 12

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network....

3 affected packages

gnupg, gnupg2, sks

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg Not in release Not in release Not in release Not in release Vulnerable
gnupg2 Not affected Not affected Not affected Fixed Ignored
sks Not affected Not affected Vulnerable Vulnerable Vulnerable

CVE-2018-1000858

Medium priority
Fixed

GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appears to be exploitable via Victim must...

1 affected package

gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg2 Fixed Not affected

CVE-2018-12020

Medium priority

Some fixes available 23 of 40

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the...

5 affected packages

enigmail, gnupg, gnupg1, gnupg2, python-gnupg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
enigmail Not in release Vulnerable Vulnerable Vulnerable Vulnerable
gnupg Not in release Not in release Not in release Not in release Fixed
gnupg1 Not affected Not affected Not affected Vulnerable Not in release
gnupg2 Fixed Fixed Fixed Fixed Fixed
python-gnupg Not affected Not affected Not affected Fixed Fixed

CVE-2018-9234

Low priority
Fixed

GnuPG 2.2.4 and 2.2.5 do not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.

2 affected packages

gnupg, gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg Not in release Not affected
gnupg2 Fixed Not affected

CVE-2016-6313

High priority
Fixed

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by...

4 affected packages

gnupg, gnupg2, libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg Not in release Fixed
gnupg2 Not affected Not affected
libgcrypt11 Not in release Not in release
libgcrypt20 Fixed Fixed

CVE-2015-1607

Low priority

Some fixes available 7 of 8

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a...

2 affected packages

gnupg, gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
gnupg2