6.2 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.274 Low
EPSS
Percentile
96.7%
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
fedoranews.org/cms/node/2775
fedoranews.org/cms/node/2776
lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html
lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html
secunia.com/advisories/24365
secunia.com/advisories/24407
secunia.com/advisories/24419
secunia.com/advisories/24420
secunia.com/advisories/24438
secunia.com/advisories/24489
secunia.com/advisories/24511
secunia.com/advisories/24544
secunia.com/advisories/24650
secunia.com/advisories/24734
secunia.com/advisories/24875
securityreason.com/securityalert/2353
support.avaya.com/elmodocs2/security/ASA-2007-144.htm
www.coresecurity.com/?action=item&id=1687
www.debian.org/security/2007/dsa-1266
www.mandriva.com/security/advisories?name=MDKSA-2007:059
www.redhat.com/support/errata/RHSA-2007-0106.html
www.redhat.com/support/errata/RHSA-2007-0107.html
www.securityfocus.com/archive/1/461958/100/0/threaded
www.securityfocus.com/archive/1/461958/30/7710/threaded
www.securityfocus.com/bid/22757
www.securitytracker.com/id?1017727
www.trustix.org/errata/2007/0009/
www.ubuntu.com/usn/usn-432-1
www.ubuntu.com/usn/usn-432-2
www.vupen.com/english/advisories/2007/0835
issues.rpath.com/browse/RPL-1111
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496