Gnupg · Python-Gnupg · CVE-2019-6690
**Name of the Vulnerable Software and Affected Versions**
python-gnupg version 0.4.3
**Description**
The issue is an improper input validation flaw that allows context-dependent attackers to trick gnupg into decrypting ciphertext other than the one intended. This is possible when the adversary controls the passphrase passed to gnupg and the ciphertext is trusted. The vulnerability exists due to insufficient input validation in the `gnupg.GPG.encrypt()` and `gnupg.GPG.decrypt()` methods of the python-gnupg package, which may allow an attacker to execute arbitrary code.
**Recommendations**
For python-gnupg version 0.4.3, consider restricting the use of the `gnupg.GPG.encrypt()` and `gnupg.GPG.decrypt()` methods until a patch is available. Additionally, ensure that the passphrase to gnupg is securely managed and that only trusted ciphertext is processed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
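
One way to restrict the two affected methods in application code is to validate the passphrase before it reaches them; the wrapper below is an added example, not code from python-gnupg or from this advisory. The names `check_passphrase`, `GuardedGPG` and `RecordingBackend`, the length limit, and the choice to reject control and line-break characters are assumptions of the example.

```python
import unicodedata

class UnsafePassphrase(ValueError):
    """Raised when a passphrase is refused before it reaches gnupg."""

def check_passphrase(passphrase, max_len=1024):
    """Return the passphrase as str if acceptable, else raise UnsafePassphrase."""
    if isinstance(passphrase, bytes):
        try:
            passphrase = passphrase.decode("utf-8")
        except UnicodeDecodeError as exc:
            raise UnsafePassphrase("passphrase is not valid UTF-8") from exc
    if not isinstance(passphrase, str):
        raise UnsafePassphrase("passphrase must be str or bytes")
    if not 0 < len(passphrase) <= max_len:  # max_len is an assumed policy limit
        raise UnsafePassphrase("passphrase is empty or too long")
    for ch in passphrase:
        # Assumed deny-list: Cc/Zl/Zp cover NUL, CR, LF, NEL and the Unicode
        # line and paragraph separators. Ordinary spaces (Zs) are allowed.
        if unicodedata.category(ch) in ("Cc", "Zl", "Zp"):
            raise UnsafePassphrase("control or line-break character U+%04X" % ord(ch))
    return passphrase

class GuardedGPG:
    """Wraps a gnupg.GPG-like object and validates passphrase= on both methods."""
    def __init__(self, gpg):
        self._gpg = gpg

    def _guard(self, kwargs):
        if kwargs.get("passphrase") is not None:
            kwargs["passphrase"] = check_passphrase(kwargs["passphrase"])
        return kwargs

    def encrypt(self, data, recipients, **kwargs):
        return self._gpg.encrypt(data, recipients, **self._guard(kwargs))

    def decrypt(self, message, **kwargs):
        return self._gpg.decrypt(message, **self._guard(kwargs))

class RecordingBackend:
    """Constructed stand-in for gnupg.GPG so the example runs without gpg."""
    def __init__(self):
        self.calls = []
    def encrypt(self, data, recipients, **kwargs):
        self.calls.append(("encrypt", kwargs.get("passphrase")))
        return "encrypted"
    def decrypt(self, message, **kwargs):
        self.calls.append(("decrypt", kwargs.get("passphrase")))
        return "decrypted"
```

In an application, pass a real `gnupg.GPG` instance to `GuardedGPG` in place of the stand-in and route every passphrase that originates outside the application through it.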