PT-2006-1138 · Gnu+1 · Gnupg+1
Taviso
·
Published
2006-03-13
·
Updated
2018-10-19
·
CVE-2006-0049
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
GnuPG versions prior to 1.4.2.2
Description:
The issue concerns the verification of non-detached signatures. Attackers can inject unsigned data via a data packet not associated with a control packet. This causes the check for concatenated signatures to incorrectly report the signature as valid.
Recommendations:
For versions prior to 1.4.2.2, update to version 1.4.2.2 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gnupg
Red Hat