csaf_opensuse - opensuse-su-2024:10102-1

opensuse-su-2024:10102-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

gpg2-2.1.16-1.1 on GA media

Notes

Title of the patch

gpg2-2.1.16-1.1 on GA media

Description of the patch

These are all security issues fixed in the gpg2-2.1.16-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10102

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "gpg2-2.1.16-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the gpg2-2.1.16-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10102",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10102-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2010-2547 page",
        "url": "https://www.suse.com/security/cve/CVE-2010-2547/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-4351 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-4351/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-4402 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-4402/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-4617 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-4617/"
      }
    ],
    "title": "gpg2-2.1.16-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10102-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gpg2-2.1.16-1.1.aarch64",
                "product": {
                  "name": "gpg2-2.1.16-1.1.aarch64",
                  "product_id": "gpg2-2.1.16-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "gpg2-lang-2.1.16-1.1.aarch64",
                "product": {
                  "name": "gpg2-lang-2.1.16-1.1.aarch64",
                  "product_id": "gpg2-lang-2.1.16-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gpg2-2.1.16-1.1.ppc64le",
                "product": {
                  "name": "gpg2-2.1.16-1.1.ppc64le",
                  "product_id": "gpg2-2.1.16-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "gpg2-lang-2.1.16-1.1.ppc64le",
                "product": {
                  "name": "gpg2-lang-2.1.16-1.1.ppc64le",
                  "product_id": "gpg2-lang-2.1.16-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gpg2-2.1.16-1.1.s390x",
                "product": {
                  "name": "gpg2-2.1.16-1.1.s390x",
                  "product_id": "gpg2-2.1.16-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "gpg2-lang-2.1.16-1.1.s390x",
                "product": {
                  "name": "gpg2-lang-2.1.16-1.1.s390x",
                  "product_id": "gpg2-lang-2.1.16-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gpg2-2.1.16-1.1.x86_64",
                "product": {
                  "name": "gpg2-2.1.16-1.1.x86_64",
                  "product_id": "gpg2-2.1.16-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gpg2-lang-2.1.16-1.1.x86_64",
                "product": {
                  "name": "gpg2-lang-2.1.16-1.1.x86_64",
                  "product_id": "gpg2-lang-2.1.16-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-2.1.16-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64"
        },
        "product_reference": "gpg2-2.1.16-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-2.1.16-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le"
        },
        "product_reference": "gpg2-2.1.16-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-2.1.16-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x"
        },
        "product_reference": "gpg2-2.1.16-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-2.1.16-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64"
        },
        "product_reference": "gpg2-2.1.16-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-lang-2.1.16-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64"
        },
        "product_reference": "gpg2-lang-2.1.16-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-lang-2.1.16-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le"
        },
        "product_reference": "gpg2-lang-2.1.16-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-lang-2.1.16-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x"
        },
        "product_reference": "gpg2-lang-2.1.16-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gpg2-lang-2.1.16-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
        },
        "product_reference": "gpg2-lang-2.1.16-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-2547",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2010-2547"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2010-2547",
          "url": "https://www.suse.com/security/cve/CVE-2010-2547"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 625947 for CVE-2010-2547",
          "url": "https://bugzilla.suse.com/625947"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2010-2547"
    },
    {
      "cve": "CVE-2013-4351",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-4351"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-4351",
          "url": "https://www.suse.com/security/cve/CVE-2013-4351"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 840510 for CVE-2013-4351",
          "url": "https://bugzilla.suse.com/840510"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2013-4351"
    },
    {
      "cve": "CVE-2013-4402",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-4402"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-4402",
          "url": "https://www.suse.com/security/cve/CVE-2013-4402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 844175 for CVE-2013-4402",
          "url": "https://bugzilla.suse.com/844175"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 941439 for CVE-2013-4402",
          "url": "https://bugzilla.suse.com/941439"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2013-4402"
    },
    {
      "cve": "CVE-2014-4617",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-4617"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
          "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-4617",
          "url": "https://www.suse.com/security/cve/CVE-2014-4617"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 884130 for CVE-2014-4617",
          "url": "https://bugzilla.suse.com/884130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962098 for CVE-2014-4617",
          "url": "https://bugzilla.suse.com/962098"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-2.1.16-1.1.x86_64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.aarch64",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.ppc64le",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.s390x",
            "openSUSE Tumbleweed:gpg2-lang-2.1.16-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-4617"
    }
  ]
}

CVE-2010-2547 (GCVE-0-2010-2547)

Vulnerability from cvelistv5

Published

2010-08-05 18:00

Modified

2024-08-07 02:39

Severity ?

CWE

Summary

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

References

►

URL

Tags

	http://www.mandriva.com/security/advisories?name=MDVSA-2010:143	vendor-advisory, x_refsource_MANDRIVA
	http://www.vupen.com/english/advisories/2010/1988	vdb-entry, x_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html	vendor-advisory, x_refsource_SUSE
	https://issues.rpath.com/browse/RPL-3229	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/1931	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/41945	vdb-entry, x_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2010/dsa-2076	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id?1024247	vdb-entry, x_refsource_SECTRACK
	http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/38877	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/40841	third-party-advisory, x_refsource_SECUNIA
	http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076	x_refsource_CONFIRM
	http://secunia.com/advisories/40718	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3125	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/1950	vdb-entry, x_refsource_VUPEN
	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008	vendor-advisory, x_refsource_SLACKWARE
	http://www.vupen.com/english/advisories/2010/2217	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:37.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2010:143",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143"
          },
          {
            "name": "ADV-2010-1988",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1988"
          },
          {
            "name": "SUSE-SR:2010:020",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-3229"
          },
          {
            "name": "ADV-2010-1931",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1931"
          },
          {
            "name": "41945",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41945"
          },
          {
            "name": "FEDORA-2010-11413",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html"
          },
          {
            "name": "DSA-2076",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2076"
          },
          {
            "name": "1024247",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024247"
          },
          {
            "name": "[gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html"
          },
          {
            "name": "38877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38877"
          },
          {
            "name": "40841",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40841"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076"
          },
          {
            "name": "40718",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40718"
          },
          {
            "name": "ADV-2010-3125",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3125"
          },
          {
            "name": "ADV-2010-1950",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1950"
          },
          {
            "name": "SSA:2010-240-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008"
          },
          {
            "name": "ADV-2010-2217",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2217"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-09-08T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDVSA-2010:143",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143"
        },
        {
          "name": "ADV-2010-1988",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1988"
        },
        {
          "name": "SUSE-SR:2010:020",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-3229"
        },
        {
          "name": "ADV-2010-1931",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1931"
        },
        {
          "name": "41945",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41945"
        },
        {
          "name": "FEDORA-2010-11413",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html"
        },
        {
          "name": "DSA-2076",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2076"
        },
        {
          "name": "1024247",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024247"
        },
        {
          "name": "[gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html"
        },
        {
          "name": "38877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38877"
        },
        {
          "name": "40841",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40841"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076"
        },
        {
          "name": "40718",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40718"
        },
        {
          "name": "ADV-2010-3125",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3125"
        },
        {
          "name": "ADV-2010-1950",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1950"
        },
        {
          "name": "SSA:2010-240-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.462008"
        },
        {
          "name": "ADV-2010-2217",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2217"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2547",
    "datePublished": "2010-08-05T18:00:00",
    "dateReserved": "2010-06-30T00:00:00",
    "dateUpdated": "2024-08-07T02:39:37.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4351 (GCVE-0-2013-4351)

Vulnerability from cvelistv5

Published

2013-10-10 00:00

Modified

2024-08-06 16:38

Severity ?

CWE

Summary

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.

References

►

URL

Tags

	http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://ubuntu.com/usn/usn-1987-1	vendor-advisory, x_refsource_UBUNTU
	http://www.debian.org/security/2013/dsa-2773	vendor-advisory, x_refsource_DEBIAN
	http://www.openwall.com/lists/oss-security/2013/09/13/4	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2013-1459.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2013/dsa-2774	vendor-advisory, x_refsource_DEBIAN
	https://bugzilla.redhat.com/show_bug.cgi?id=1010137	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.888Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138"
          },
          {
            "name": "openSUSE-SU-2013:1532",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html"
          },
          {
            "name": "USN-1987-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1987-1"
          },
          {
            "name": "DSA-2773",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2773"
          },
          {
            "name": "[oss-security] 20130913 Re: GnuPG treats no-usage-permitted keys as all-usages-permitted",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/13/4"
          },
          {
            "name": "RHSA-2013:1459",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
          },
          {
            "name": "openSUSE-SU-2013:1526",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html"
          },
          {
            "name": "DSA-2774",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2774"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-02T14:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138"
        },
        {
          "name": "openSUSE-SU-2013:1532",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html"
        },
        {
          "name": "USN-1987-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1987-1"
        },
        {
          "name": "DSA-2773",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2773"
        },
        {
          "name": "[oss-security] 20130913 Re: GnuPG treats no-usage-permitted keys as all-usages-permitted",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/13/4"
        },
        {
          "name": "RHSA-2013:1459",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
        },
        {
          "name": "openSUSE-SU-2013:1526",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html"
        },
        {
          "name": "DSA-2774",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2774"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4351",
    "datePublished": "2013-10-10T00:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4402 (GCVE-0-2013-4402)

Vulnerability from cvelistv5

Published

2013-10-28 22:00

Modified

2024-08-06 16:45

Severity ?

CWE

Summary

The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.

References

►

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=1015685	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html	mailing-list, x_refsource_MLIST
	http://www.ubuntu.com/usn/USN-1987-1	vendor-advisory, x_refsource_UBUNTU
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433	x_refsource_CONFIRM
	http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2013/dsa-2773	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-1459.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2013/dsa-2774	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685"
          },
          {
            "name": "openSUSE-SU-2013:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html"
          },
          {
            "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 1.4.15 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html"
          },
          {
            "name": "USN-1987-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1987-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433"
          },
          {
            "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 2.0.22 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html"
          },
          {
            "name": "DSA-2773",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2773"
          },
          {
            "name": "openSUSE-SU-2013:1552",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html"
          },
          {
            "name": "RHSA-2013:1459",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
          },
          {
            "name": "DSA-2774",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2774"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-02T14:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685"
        },
        {
          "name": "openSUSE-SU-2013:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html"
        },
        {
          "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 1.4.15 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html"
        },
        {
          "name": "USN-1987-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1987-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433"
        },
        {
          "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 2.0.22 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html"
        },
        {
          "name": "DSA-2773",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2773"
        },
        {
          "name": "openSUSE-SU-2013:1552",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html"
        },
        {
          "name": "RHSA-2013:1459",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
        },
        {
          "name": "DSA-2774",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2774"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4402",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685"
            },
            {
              "name": "openSUSE-SU-2013:1546",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html"
            },
            {
              "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 1.4.15 released",
              "refsource": "MLIST",
              "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html"
            },
            {
              "name": "USN-1987-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1987-1"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433"
            },
            {
              "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 2.0.22 released",
              "refsource": "MLIST",
              "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html"
            },
            {
              "name": "DSA-2773",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2773"
            },
            {
              "name": "openSUSE-SU-2013:1552",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html"
            },
            {
              "name": "RHSA-2013:1459",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
            },
            {
              "name": "DSA-2774",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2774"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4402",
    "datePublished": "2013-10-28T22:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4617 (GCVE-0-2014-4617)

Vulnerability from cvelistv5

Published

2014-06-25 10:00

Modified

2024-08-06 11:20

Severity ?

CWE

Summary

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

References

►

URL

Tags

	http://secunia.com/advisories/59351	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/59578	third-party-advisory, x_refsource_SECUNIA
	http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2014/dsa-2967	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html	vendor-advisory, x_refsource_SUSE
	http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2258-1	vendor-advisory, x_refsource_UBUNTU
	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html	x_refsource_CONFIRM
	http://www.debian.org/security/2014/dsa-2968	vendor-advisory, x_refsource_DEBIAN
	http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a	x_refsource_CONFIRM
	http://secunia.com/advisories/59534	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/59213	third-party-advisory, x_refsource_SECUNIA
	http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:20:26.664Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59351"
          },
          {
            "name": "59578",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59578"
          },
          {
            "name": "[gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html"
          },
          {
            "name": "DSA-2967",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2967"
          },
          {
            "name": "openSUSE-SU-2014:0866",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342"
          },
          {
            "name": "USN-2258-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2258-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "DSA-2968",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2968"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a"
          },
          {
            "name": "59534",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59534"
          },
          {
            "name": "59213",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59213"
          },
          {
            "name": "[gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-27T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "59351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59351"
        },
        {
          "name": "59578",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59578"
        },
        {
          "name": "[gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html"
        },
        {
          "name": "DSA-2967",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2967"
        },
        {
          "name": "openSUSE-SU-2014:0866",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342"
        },
        {
          "name": "USN-2258-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2258-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "DSA-2968",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2968"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a"
        },
        {
          "name": "59534",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59534"
        },
        {
          "name": "59213",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59213"
        },
        {
          "name": "[gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4617",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59351",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59351"
            },
            {
              "name": "59578",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59578"
            },
            {
              "name": "[gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released",
              "refsource": "MLIST",
              "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html"
            },
            {
              "name": "DSA-2967",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2967"
            },
            {
              "name": "openSUSE-SU-2014:0866",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html"
            },
            {
              "name": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342",
              "refsource": "CONFIRM",
              "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342"
            },
            {
              "name": "USN-2258-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2258-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "DSA-2968",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2968"
            },
            {
              "name": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a",
              "refsource": "CONFIRM",
              "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a"
            },
            {
              "name": "59534",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59534"
            },
            {
              "name": "59213",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59213"
            },
            {
              "name": "[gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released",
              "refsource": "MLIST",
              "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4617",
    "datePublished": "2014-06-25T10:00:00",
    "dateReserved": "2014-06-24T00:00:00",
    "dateUpdated": "2024-08-06T11:20:26.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2024:10102-1

Vulnerability from csaf_opensuse

CVE-2010-2547 (GCVE-0-2010-2547)

Vulnerability from cvelistv5

CVE-2013-4351 (GCVE-0-2013-4351)

Vulnerability from cvelistv5

CVE-2013-4402 (GCVE-0-2013-4402)

Vulnerability from cvelistv5

CVE-2014-4617 (GCVE-0-2014-4617)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature