PT-2013-1173 · Gnu+3 · Gnupg+3

Ratul Gupta · Published 2013-10-09 · Updated 2024-06-15 · CVE-2013-4351

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

GnuPG versions 1.4.x through 2.1.x

Description

The issue allows remote attackers to bypass intended cryptographic protection mechanisms by leveraging a subkey with all bits cleared in a key flags subpacket, which is treated as if all bits are set. This might lead to a violation of the integrity and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations

For GnuPG versions 1.4.x through 2.1.x, update to a version that fixes this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
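The confusion named in the description, between a key flags subpacket that is absent and one that is present with every bit clear, shown as an added example that is not GnuPG's code and not part of this advisory. The function names, the `USE_NONE` marker and the byte arrays are hypothetical and constructed here; treating an absent subpacket as unrestricted is an assumption of the sketch.

```c
#include <stddef.h>
#include <stdint.h>
/* Usage bits of the first key flags octet (RFC 4880, section 5.2.3.21). */
enum { USE_CERT = 0x01, USE_SIGN = 0x02, USE_ENC = 0x04 | 0x08, USE_AUTH = 0x20,
       USE_ALL = 0x2f, USE_NONE = 0x100 /* hypothetical: flags present, all clear */ };

/* Constructed hashed subpacket areas: creation time (type 2), key flags (type 27). */
static const uint8_t ZERO_FLAGS[] = { 5, 2, 0x52, 0x55, 0, 0, 2, 27, 0x00 };
static const uint8_t SIGN_ONLY[]  = { 5, 2, 0x52, 0x55, 0, 0, 2, 27, 0x02 };

/* 1 and the first flags octet if type 27 is present, 0 if absent, -1 if malformed. */
static int find_key_flags(const uint8_t *p, size_t n, uint8_t *flags) {
    while (n > 0) {
        size_t len, hdr;
        if (p[0] < 192) { len = p[0]; hdr = 1; }
        else if (p[0] < 255 && n >= 2) { len = ((size_t)(p[0] - 192) << 8) + p[1] + 192; hdr = 2; }
        else if (p[0] == 255 && n >= 5) {
            len = ((size_t)p[1] << 24) | ((size_t)p[2] << 16) | ((size_t)p[3] << 8) | p[4]; hdr = 5;
        } else return -1;
        p += hdr; n -= hdr;
        if (len == 0 || len > n) return -1;
        if ((p[0] & 0x7f) == 27) {        /* bit 7 is the critical bit */
            *flags = len > 1 ? p[1] : 0;  /* empty body: no flags set */
            return 1;
        }
        p += len; n -= len;
    }
    return 0;
}

/* Flawed reading from the description: zero flags fall through to "everything". */
static unsigned usage_flawed(const uint8_t *a, size_t n) {
    uint8_t f = 0;
    unsigned u = find_key_flags(a, n, &f) == 1 ? (unsigned)(f & USE_ALL) : 0u;
    return u ? u : USE_ALL;
}

/* Strict reading: present-but-clear (or malformed) grants nothing. */
static unsigned usage_strict(const uint8_t *a, size_t n) {
    uint8_t f = 0;
    int r = find_key_flags(a, n, &f);
    if (r == 0) return USE_ALL;  /* assumption: no subpacket, no restriction */
    return (r == 1 && (f & USE_ALL)) ? (unsigned)(f & USE_ALL) : USE_NONE;
}

int main(void) {  /* exit status 0 when only the strict reading rejects ZERO_FLAGS */
    return (usage_flawed(ZERO_FLAGS, sizeof ZERO_FLAGS) == USE_ALL &&
            usage_strict(ZERO_FLAGS, sizeof ZERO_FLAGS) == USE_NONE &&
            usage_strict(SIGN_ONLY, sizeof SIGN_ONLY) == USE_SIGN) ? 0 : 1;
}
```

A key-handling check built on the strict reading rejects any operation when the result is `USE_NONE`, instead of testing the usage mask for zero.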

RCE


Weakness Enumeration

Related Identifiers

BDU:2015-06662
BDU:2015-06663
BDU:2015-06664
BDU:2015-06665
BDU:2015-06666
BDU:2015-08927
BDU:2015-08928
BDU:2015-08929
BDU:2015-08930
BDU:2015-08931
CESA-2013_1459
CVE-2013-4351
DSA-2773-1
DSA-2774-1
MGASA-2013-0299
OPENSUSE-SU-2024:10102-1
RHSA-2013:1458
RHSA-2013:1459
RHSA-2013_1458
RHSA-2013_1459
SUSE-SU-2013_1576-1
SUSE-SU-2013_1578-1

Affected Products

CentOS
GnuPG
Red Hat
SUSE