PT-2013-1172 · Gnu+3 · Gnupg+3

Kb Sriram +1 · Published 2013-01-24 · Updated 2023-02-13 · CVE-2012-6085

CVSS v2.0: 5.8 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

GnuPG versions 1.4.x through 1.4.12
GnuPG versions 2.0.x through 2.0.19
gnupg2 versions 2.0.10 through 2.0.14

Description

The issue affects the integrity and availability of protected information. The vulnerability can be exploited remotely. The read_block function in g10/import.c, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.

Recommendations

For GnuPG versions 1.4.x through 1.4.12, update to version 1.4.13 or later.
For GnuPG versions 2.0.x through 2.0.19, update to version 2.0.20 or later.
For gnupg2 versions 2.0.10 through 2.0.14, update to a version later than 2.0.14.

As a temporary workaround, consider restricting the use of the read_block function in g10/import.c until a patch is available.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-06662
BDU:2015-06663
BDU:2015-06664
BDU:2015-06665
BDU:2015-06666
BDU:2015-08927
BDU:2015-08928
BDU:2015-08929
BDU:2015-08930
BDU:2015-08931
CESA-2013_1459
CVE-2012-6085
DSA-2601-1
RHSA-2013:1458
RHSA-2013:1459
RHSA-2013_1458
RHSA-2013_1459
SUSE-SU-2013_1058-1
SUSE-SU-2013_1058-2
SUSE-SU-2013_1061-1
SUSE-SU-2013_1577-1

Affected Products

Centos
Gnupg
Red Hat
Suse