PT-2019-6323 · Gnu+4 · Gnupg+4

Publicado

2019-11-11

Atualizado

2026-01-30

CVE-2019-14855

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions GnuPG versions prior to 2.2.18

Description A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. The issue is related to the use of weak encryption, which could allow a remote attacker to access confidential data.

Recommendations For GnuPG versions prior to 2.2.18, update to version 2.2.18 or later to resolve the issue. As a temporary workaround, consider restricting the use of certificate signatures until a patch is available. Avoid using the SHA-1 algorithm for certificate signatures in the affected versions.

Exploit

Correção

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326

Identificadores relacionados

ALT-PU-2019-3255

ALT-PU-2020-3344

ALT-PU-2020-3403

BDU:2023-01658

CLEANSTART-2026-HT23337

CVE-2019-14855

MGASA-2019-0348

OPENSUSE-SU-2024:10815-1

USN-4516-1

Produtos afetados

Alt Linux

Astra Linux

Debian

Gnupg

Ubuntu

PT-2019-6323 · Gnu+4 · Gnupg+4

CVE-2019-14855

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 38