PT-2019-6323 · Gnu+4 · Gnupg+4

Published

2019-11-11

Updated

2026-01-30

CVE-2019-14855

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions GnuPG versions prior to 2.2.18

Description A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. The issue is related to the use of weak encryption, which could allow a remote attacker to access confidential data.

Recommendations For GnuPG versions prior to 2.2.18, update to version 2.2.18 or later to resolve the issue. As a temporary workaround, consider restricting the use of certificate signatures until a patch is available. Avoid using the SHA-1 algorithm for certificate signatures in the affected versions.

Exploit

Fix

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

ALT-PU-2019-3255

ALT-PU-2020-3344

ALT-PU-2020-3403

BDU:2023-01658

CLEANSTART-2026-HT23337

CVE-2019-14855

MGASA-2019-0348

OPENSUSE-SU-2024:10815-1

USN-4516-1

Affected Products

Alt Linux

Astra Linux

Debian

Gnupg

Ubuntu

PT-2019-6323 · Gnu+4 · Gnupg+4

CVE-2019-14855

Weakness Enumeration

Related Identifiers

Affected Products

References · 38