5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Jean-RenĂŠ Reinhard, Olivier Levillain and Florian Maury reported that
GnuPG, the GNU Privacy Guard, did not properly parse certain garbled
compressed data packets. A remote attacker could use this flaw to mount
a denial of service against GnuPG by triggering an infinite loop.
For the stable distribution (wheezy), this problem has been fixed in
version 1.4.12-7+deb7u4.
For the unstable distribution (sid), this problem has been fixed in
version 1.4.16-1.2.
We recommend that you upgrade your gnupg packages.
CPE | Name | Operator | Version |
---|---|---|---|
gnupg | eq | 1.4.12-7+deb7u2 | |
gnupg | eq | 1.4.12-7 | |
gnupg | eq | 1.4.12-7+deb7u1 | |
gnupg | eq | 1.4.12-7+deb7u3 |