PT-2000-1884 · Gnu · Gnupg
Published
2000-12-19
·
Updated
2018-05-03
·
CVE-2000-0974
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
GnuPG (gpg) version 1.0.3
Description
The issue concerns a problem with signature verification in files containing multiple documents. Specifically, it does not properly check all signatures, which allows an attacker to modify the contents of all documents except the first one without being detected.
Recommendations
For GnuPG (gpg) version 1.0.3, update to a newer version that properly checks all signatures of a file containing multiple documents to prevent undetected modifications.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gnupg