PT-2015-5387 · Gnu+3 · Gnupg+3

Hanno Böck

Published

2015-02-16

Updated

2019-11-22

CVE-2015-1607

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GnuPG versions 1.4.18 and earlier GnuPG versions 2.0.x prior to 2.0.27 GnuPG versions 2.1.x prior to 2.1.2

Description The issue is related to the improper handling of bitwise left-shifts in the keybox-search.c file, which can be exploited by remote attackers to cause a denial of service through a crafted keyring file. This is related to sign extensions and "memcpy with overlapping ranges."

Recommendations For GnuPG versions 1.4.18 and earlier, update to version 1.4.19 or later. For GnuPG versions 2.0.x prior to 2.0.27, update to version 2.0.27 or later. For GnuPG versions 2.1.x prior to 2.1.2, update to version 2.1.2 or later.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2015-1842

ALT-PU-2015-2052

CVE-2015-1607

MGASA-2015-0359

SUSE-SU-2015:2170-1

SUSE-SU-2015:2171-1

SUSE-SU-2015:2171-2

USN-2554-1

Affected Products

Alt Linux

Gnupg

Suse

Ubuntu

PT-2015-5387 · Gnu+3 · Gnupg+3

CVE-2015-1607

Weakness Enumeration

Related Identifiers

Affected Products

References · 46