Search CVE reports
11 – 20 of 41 results
Some fixes available 25 of 42
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the...
5 affected packages
enigmail, gnupg, gnupg1, python-gnupg, gnupg2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| enigmail | Not in release | Vulnerable | Vulnerable | Vulnerable |
| gnupg | Not in release | Not in release | Not in release | Not in release |
| gnupg1 | Not affected | Not affected | Not affected | Vulnerable |
| python-gnupg | Not affected | Not affected | Not affected | Fixed |
| gnupg2 | Fixed | Fixed | Fixed | Fixed |
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
2 affected packages
gnupg, gnupg2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnupg | — | — | — | Not in release |
| gnupg2 | — | — | — | Fixed |
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic...
3 affected packages
gnupg, libgcrypt11, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnupg | — | — | — | Not in release |
| libgcrypt11 | — | — | — | Not in release |
| libgcrypt20 | — | — | — | Not affected |
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed...
4 affected packages
gnupg1, gnupg, libgcrypt11, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnupg1 | — | — | — | Not affected |
| gnupg | — | — | — | Not in release |
| libgcrypt11 | — | — | — | Not in release |
| libgcrypt20 | — | — | — | Not affected |
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by...
4 affected packages
gnupg, gnupg2, libgcrypt11, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnupg | — | — | — | Not in release |
| gnupg2 | — | — | — | Not affected |
| libgcrypt11 | — | — | — | Not in release |
| libgcrypt20 | — | — | — | Fixed |
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related...
3 affected packages
libgcrypt11, gnupg, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libgcrypt11 | — | — | — | — |
| gnupg | — | — | — | — |
| libgcrypt20 | — | — | — | — |
Some fixes available 7 of 8
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a...
2 affected packages
gnupg, gnupg2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnupg | — | — | — | — |
| gnupg2 | — | — | — | — |
Some fixes available 7 of 8
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
2 affected packages
gnupg, gnupg2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnupg | — | — | — | — |
| gnupg2 | — | — | — | — |
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted...
3 affected packages
gnupg, libgcrypt11, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnupg | — | — | — | — |
| libgcrypt11 | — | — | — | — |
| libgcrypt20 | — | — | — | — |
Some fixes available 3 of 4
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data,...
2 affected packages
gnupg2, libksba
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnupg2 | — | — | — | — |
| libksba | — | — | — | — |