PT-2013-1173 · Gnu+3 · Gnupg+3

Ratul Gupta

Publicado

2013-10-09

Atualizado

2024-06-15

CVE-2013-4351

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions GnuPG versions 1.4.x through 2.1.x

Description The issue allows remote attackers to bypass intended cryptographic protection mechanisms by leveraging a subkey with all bits cleared in a key flags subpacket, which is treated as if all bits are set. This might lead to a violation of the integrity and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations For GnuPG versions 1.4.x through 2.1.x, update to a version that fixes this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-310

Identificadores relacionados

BDU:2015-06662

BDU:2015-06663

BDU:2015-06664

BDU:2015-06665

BDU:2015-06666

BDU:2015-08927

BDU:2015-08928

BDU:2015-08929

BDU:2015-08930

BDU:2015-08931

CESA-2013_1459

CVE-2013-4351

DSA-2773-1

DSA-2774-1

MGASA-2013-0299

OPENSUSE-SU-2024:10102-1

RHSA-2013:1458

RHSA-2013:1459

RHSA-2013_1458

RHSA-2013_1459

SUSE-SU-2013_1576-1

SUSE-SU-2013_1578-1

Produtos afetados

Centos

Gnupg

Red Hat

Suse

PT-2013-1173 · Gnu+3 · Gnupg+3

CVE-2013-4351

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 76