PT-2015-6217 · Unknown+1 · Module::Signature+1

John Lightsey

Publicado

2015-04-23

Atualizado

2024-06-15

CVE-2015-3406

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Module::Signature versions prior to 0.74

Description The issue concerns the PGP signature parsing in Module::Signature, allowing remote attackers to manipulate the treatment of signed and unsigned portions of a SIGNATURE file. This is achieved via unspecified vectors.

Recommendations For versions prior to 0.74, update to version 0.74 or later to resolve the issue. As a temporary workaround, consider restricting access to the SIGNATURE file to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-681

Identificadores relacionados

CVE-2015-3406

DLA-264-1

DSA-3261-1

DSA-3261-2

OPENSUSE-SU-2024:10458-1

USN-2607-1

Produtos afetados

Module::Signature

Ubuntu

PT-2015-6217 · Unknown+1 · Module::Signature+1

CVE-2015-3406

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 25