Search CVE reports


Toggle filters

21 – 30 of 38 results


CVE-2014-5270

Medium priority
Fixed

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction...

3 affected packages

gnupg, libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
libgcrypt11
libgcrypt20
Show less packages

CVE-2014-4617

Medium priority

Some fixes available 7 of 8

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an...

2 affected packages

gnupg, gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
gnupg2
Show less packages

CVE-2013-7323

Medium priority

Some fixes available 1 of 6

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

1 affected package

python-gnupg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-gnupg Not affected
Show less packages

CVE-2013-4576

Medium priority
Fixed

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and...

1 affected package

gnupg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
Show less packages

CVE-2013-4402

Medium priority

Some fixes available 7 of 8

The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.

2 affected packages

gnupg, gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
gnupg2
Show less packages

CVE-2013-4351

Low priority

Some fixes available 7 of 8

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection...

2 affected packages

gnupg, gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
gnupg2
Show less packages

CVE-2013-4242

Medium priority
Fixed

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

2 affected packages

gnupg, libgcrypt11

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
libgcrypt11
Show less packages

CVE-2012-6085

Medium priority

Some fixes available 9 of 10

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash)...

2 affected packages

gnupg, gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
gnupg2
Show less packages

CVE-2010-2547

Medium priority

Some fixes available 4 of 5

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of...

1 affected package

gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg2
Show less packages

CVE-2008-1530

Low priority
Not affected

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around...

2 affected packages

gnupg, gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
gnupg2
Show less packages