Taylor R Campbell

Name of the Vulnerable Software and Affected Versions: libnv (affected versions not specified) Description: The issue is related to an integer overflow in the libnv library, which can occur due to a malicious value of size in a structure of packed libnv. This overflow leads to the allocation of a smaller buffer than required for the parsed data. The exploitation of this issue may allow a remote attacker to elevate their privileges or cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GnuPG versions 1.4.x through 1.4.15 GnuPG versions 2.0.x through 2.0.22 gnupg2 versions 2.0.10 through 2.0.14 gnupg2-debuginfo versions 2.0.10 through 2.0.14 gnupg2-smime versions 2.0.14 **Description** The issue affects the compressed packet parser in GnuPG, allowing remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. This can lead to a disruption of integrity and availability of protected information. The exploitation of the vulnerabilities can be carried out remotely. **Recommendations** For GnuPG versions 1.4.x through 1.4.15, update to version 1.4.15 or later. For GnuPG versions 2.0.x through 2.0.22, update to version 2.0.22 or later. For gnupg2 versions 2.0.10 through 2.0.14, update to a version later than 2.0.14. For gnupg2-debuginfo versions 2.0.10 through 2.0.14, update to a version later than 2.0.14. For gnupg2-smime versions 2.0.14, update to a version later than 2.0.14.