PT-2018-2214 · Gnu+5 · Gnupg+5

Marcus Brinkmann

·

Published

2018-06-08

·

Updated

2024-07-12

·

CVE-2018-12020

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions GnuPG versions prior to 2.2.8
Description The issue is related to the mishandling of the original filename during decryption and verification actions in the mainproc.c component. This allows remote attackers to spoof output sent to other programs using the "--status-fd 2" option, potentially affecting the integrity of protected information. For instance, an OpenPGP data representation of an original filename with line feed characters, in conjunction with GOODSIG or VALIDSIG status codes, can be exploited.
Recommendations For versions prior to 2.2.8, update to version 2.2.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the "--status-fd 2" option until the update is applied.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-706CWE-20

Related Identifiers

ALT-PU-2018-1881
ALT-PU-2018-1884
ALT-PU-2018-2427
BDU:2019-00237
CESA-2018_2180
CESA-2018_2181
CVE-2018-12020
DLA-2862-1
DSA-4222-1
DSA-4223-1
DSA-4224-1
MGASA-2018-0292
MGASA-2018-0316
MGASA-2018-0321
MGASA-2018-0354
OPENSUSE-SU-2018_1708-1
OPENSUSE-SU-2018_1722-1
OPENSUSE-SU-2018_1724-1
OPENSUSE-SU-2024:10736-1
OPENSUSE-SU-2024:10815-1
OPENSUSE-SU-2024:11261-1
OPENSUSE-SU-2024:14158-1
RHSA-2018:2180
RHSA-2018:2181
RHSA-2018_2180
RHSA-2018_2181
SUSE-SU-2018:1696-1
SUSE-SU-2018:1698-1
SUSE-SU-2018:1698-2
SUSE-SU-2018:1814-1
SUSE-SU-2018:2243-1
SUSE-SU-2018_1696-1
SUSE-SU-2018_1698-1
SUSE-SU-2018_1698-2
SUSE-SU-2018_1814-1
USN-3675-1
USN-3675-2
USN-3675-3
USN-3964-1
USN-4839-1

Affected Products

Alt Linux
Centos
Gnupg
Red Hat
Suse
Ubuntu