PT-2013-1174 · Gnu+3 · Gnupg+3
Taylor R Campbell
+1
·
Published
2013-10-09
·
Updated
2024-06-15
·
CVE-2013-4402
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
GnuPG versions 1.4.x through 1.4.15
GnuPG versions 2.0.x through 2.0.22
gnupg2 versions 2.0.10 through 2.0.14
gnupg2-debuginfo versions 2.0.10 through 2.0.14
gnupg2-smime versions 2.0.14
Description
The issue affects the compressed packet parser in GnuPG, allowing remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. This can lead to a disruption of integrity and availability of protected information. The exploitation of the vulnerabilities can be carried out remotely.
Recommendations
For GnuPG versions 1.4.x through 1.4.15, update to version 1.4.15 or later.
For GnuPG versions 2.0.x through 2.0.22, update to version 2.0.22 or later.
For gnupg2 versions 2.0.10 through 2.0.14, update to a version later than 2.0.14.
For gnupg2-debuginfo versions 2.0.10 through 2.0.14, update to a version later than 2.0.14.
For gnupg2-smime versions 2.0.14, update to a version later than 2.0.14.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Gnupg
Red Hat
Suse