Metric | Value |
---|---|
CVSS2 | 5 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
EPSS | 0.814 High |
Percentile | 98.4% |

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.
Evgeny Legerov discovered a vulnerability in GnuPG: an integer overflow may occur when certain packets are handled.
By sending a specially crafted email to a user running an affected version of GnuPG, a remote attacker could possibly execute arbitrary code with the permissions of the user running GnuPG.
There is no known workaround at this time.
All GnuPG users should upgrade to the latest version:
```
# emerge --sync
# emerge --ask --oneshot --verbose "=app-crypt/gnupg-1.4*"
```

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | app-crypt/gnupg | < 1.4.5 | UNKNOWN |
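
To confirm whether a host still runs an affected build, the following added example (not part of the advisory) compares the version in the first line of `gpg --version` output against the `< 1.4.5` bound from the table above. The function names and the sample banners are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag GnuPG versions below the fixed release in this advisory.
FIXED="1.4.5"   # bound taken from the affected-package table (< 1.4.5)

# Extract the version from the first line of `gpg --version` output,
# e.g. "gpg (GnuPG) 1.4.4" -> "1.4.4". Prints nothing if the line does not match.
gpg_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^gpg (GnuPG) \([0-9][0-9.]*\).*$/\1/p'
}

# Return 0 if dotted version $1 is strictly lower than $2.
# Components are compared numerically, so 1.4.10 is not lower than 1.4.5,
# and missing components count as 0 (1.4 is lower than 1.4.5).
version_lt() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Print "affected <ver>", "not-affected <ver>" or "unknown" for a banner.
classify_banner() {
    v=$(gpg_version_from_banner "$1")
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if version_lt "$v" "$FIXED"; then
        echo "affected $v"
    else
        echo "not-affected $v"
    fi
}

# Constructed sample banners (not captured from a real host).
for banner in "gpg (GnuPG) 1.4.4" "gpg (GnuPG) 1.4.5" "gpg (GnuPG) 1.4.2.2"; do
    classify_banner "$banner"
done
# On a live system: classify_banner "$(gpg --version)"
```

A result of `unknown` means the banner did not match the expected format and the package version should be checked through the package manager instead.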