Search CVE reports
1 – 10 of 38 results
CVE-2022-3219
Low priorityGnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
2 affected packages
gnupg, gnupg2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg | — | Not in release | Not in release | Not in release | Vulnerable |
| gnupg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2022-34903
Medium priorityGnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
2 affected packages
gnupg, gnupg2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg | — | Not in release | Not in release | Not in release | Fixed |
| gnupg2 | — | Fixed | Fixed | Fixed | Fixed |
CVE-2020-25125
Medium priorityGnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow...
1 affected packages
gnupg2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg2 | — | — | Not affected | Not affected | Not affected |
CVE-2019-14855
Low prioritySome fixes available 1 of 18
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
3 affected packages
gnupg, gnupg1, gnupg2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| gnupg1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| gnupg2 | Not affected | Not affected | Not affected | Fixed | Ignored |
CVE-2019-13050
Low prioritySome fixes available 1 of 12
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network....
3 affected packages
gnupg, gnupg2, sks
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| gnupg2 | Not affected | Not affected | Not affected | Fixed | Ignored |
| sks | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |
CVE-2019-6690
Medium prioritySome fixes available 5 of 12
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be...
1 affected packages
python-gnupg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-gnupg | Not affected | Vulnerable | Vulnerable | Fixed | Fixed |
CVE-2018-1000858
Medium priorityGnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must...
1 affected packages
gnupg2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg2 | — | — | — | Fixed | Not affected |
CVE-2018-12020
Medium prioritySome fixes available 22 of 39
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the...
5 affected packages
enigmail, gnupg, gnupg1, gnupg2, python-gnupg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| enigmail | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gnupg | Not in release | Not in release | Not in release | Not in release | Fixed |
| gnupg1 | Not affected | Not affected | Not affected | Vulnerable | Not in release |
| gnupg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| python-gnupg | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2018-9234
Low priorityGnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
2 affected packages
gnupg, gnupg2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg | — | — | — | Not in release | Not affected |
| gnupg2 | — | — | — | Fixed | Not affected |
CVE-2018-6829
Medium prioritycipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic...
3 affected packages
gnupg, libgcrypt11, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg | — | — | — | Not in release | Not affected |
| libgcrypt11 | — | — | — | Not in release | Not in release |
| libgcrypt20 | — | — | — | Not affected | Not affected |