PT-2015-5387 · Gnu+3 · Gnupg+3

Hanno Böck

Publicado

2015-02-16

Atualizado

2019-11-22

CVE-2015-1607

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GnuPG versions 1.4.18 and earlier GnuPG versions 2.0.x prior to 2.0.27 GnuPG versions 2.1.x prior to 2.1.2

Description The issue is related to the improper handling of bitwise left-shifts in the keybox-search.c file, which can be exploited by remote attackers to cause a denial of service through a crafted keyring file. This is related to sign extensions and "memcpy with overlapping ranges."

Recommendations For GnuPG versions 1.4.18 and earlier, update to version 1.4.19 or later. For GnuPG versions 2.0.x prior to 2.0.27, update to version 2.0.27 or later. For GnuPG versions 2.1.x prior to 2.1.2, update to version 2.1.2 or later.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2015-1842

ALT-PU-2015-2052

CVE-2015-1607

MGASA-2015-0359

SUSE-SU-2015:2170-1

SUSE-SU-2015:2171-1

SUSE-SU-2015:2171-2

USN-2554-1

Produtos afetados

Alt Linux

Gnupg

Suse

Ubuntu

PT-2015-5387 · Gnu+3 · Gnupg+3

CVE-2015-1607

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 46