PT-2022-6745 · GnuPG +11

Demi Marie Obenour · Published 2022-06-10 · Updated 2025-06-16 · CVE-2022-34903

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions

GnuPG versions prior to 2.3.7

Description

The issue is related to insufficient neutralization of special elements in a request, allowing a remote attacker to access and compromise confidential data. In unusual situations where an attacker possesses secret-key information from a victim's keyring and other constraints are met, such as the use of GPGME, signature forgery is possible via injection into the status line.

Recommendations

For GnuPG versions prior to 2.3.7, update to version 2.3.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of GPGME to minimize the risk of exploitation. Additionally, ensure that secret-key information is properly secured to prevent unauthorized access.

Exploit

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

ALSA-2022:6463
ALSA-2022:6602
ALT-PU-2023-4953
ALT-PU-2025-7348
ALT-PU-2025-7373
AZL-10074
BDU:2023-03850
CESA-2022_6463
CVE-2022-34903
DSA-5174-1
MGASA-2022-0259
OESA-2022-1847
OPENSUSE-SU-2022:2546-1
OPENSUSE-SU-2022_2546-1
OPENSUSE-SU-2024:12215-1
RHSA-2022:6463
RHSA-2022:6602
RHSA-2022_6463
RHSA-2022_6602
RLSA-2022:6463
RLSA-2022:6602
SUSE-SU-2022:2529-1
SUSE-SU-2022:2546-1
SUSE-SU-2022:3144-1
SUSE-SU-2022_2529-1
SUSE-SU-2022_2546-1
SUSE-SU-2022_3144-1
USN-5503-1
USN-5503-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
GPGME
GnuPG
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu