AI Score: 6.8 Medium (Confidence: Low)

CVSS2: 10 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.127 Low (Percentile: 95.4%)

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs: it assigns the key the validity of its most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.

CPE | Name | Operator | Version |
---|---|---|---|
gnu:privacy_guard | gnu privacy guard | le | 1.2.1 |
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694
marc.info/?l=bugtraq&m=105215110111174&w=2
marc.info/?l=bugtraq&m=105301357425157&w=2
marc.info/?l=bugtraq&m=105311804129104&w=2
marc.info/?l=bugtraq&m=105362224514081&w=2
www.kb.cert.org/vuls/id/397604
www.linuxsecurity.com/advisories/engarde_advisory-3258.html
www.linuxsecurity.com/advisories/gentoo_advisory-3266.html
www.mandriva.com/security/advisories?name=MDKSA-2003:061
www.osvdb.org/4947
www.redhat.com/support/errata/RHSA-2003-175.html
www.redhat.com/support/errata/RHSA-2003-176.html
www.securityfocus.com/bid/7497
www.turbolinux.com/security/TLSA-2003-34.txt
exchange.xforce.ibmcloud.com/vulnerabilities/11930
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135