Lucene search

K
freebsdFreeBSD30394651-13E1-11DD-BAB7-0016179B2DD5
HistoryMar 19, 2008 - 12:00 a.m.

gnupg -- memory corruption vulnerability

2008-03-1900:00:00
vuxml.freebsd.org
10

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.041

Percentile

92.3%

Secunia reports:

A vulnerability has been reported in GnuPG, which can potentially
be exploited to compromise a vulnerable system.
The vulnerability is caused due to an error when importing keys
with duplicated IDs. This can be exploited to cause a memory
corruption when importing keys via --refresh-keys or --import.
Successful exploitation potentially allows execution of arbitrary
code, but has not been proven yet.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgnupg= 1.0.0UNKNOWN
FreeBSDanynoarchgnupg< 1.4.9UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.041

Percentile

92.3%

Related for 30394651-13E1-11DD-BAB7-0016179B2DD5