PT-2013-1174 · Gnu+3 · Gnupg+3
Taylor R Campbell +1 · Published 2013-10-09 · Updated 2024-06-15 · CVE-2013-4402
CVSS v2.0: 5.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
GnuPG versions 1.4.x through 1.4.15
GnuPG versions 2.0.x through 2.0.22
gnupg2 versions 2.0.10 through 2.0.14
gnupg2-debuginfo versions 2.0.10 through 2.0.14
gnupg2-smime versions 2.0.14
Description
The compressed packet parser in GnuPG allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. This can disrupt the integrity and availability of protected information. The vulnerability can be exploited remotely.
Recommendations
For GnuPG versions 1.4.x through 1.4.15, update to version 1.4.15 or later.
For GnuPG versions 2.0.x through 2.0.22, update to version 2.0.22 or later.
For gnupg2 versions 2.0.10 through 2.0.14, update to a version later than 2.0.14.
For gnupg2-debuginfo versions 2.0.10 through 2.0.14, update to a version later than 2.0.14.
For gnupg2-smime versions 2.0.14, update to a version later than 2.0.14.
Fix
DoS
RCE
Affected products
Centos
Gnupg
Red Hat
Suse