
123 matches found

Debian CVE
added 2019/03/17 5:02 p.m. · 21 views

CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

7.5 CVSS · 7.5 AI score · 0.21434 EPSS
Exploits: 2
CVE
added 2019/03/17 5:02 p.m. · 200 views

CVE-2019-6690

CVE-2019-6690 affects python-gnupg 0.4.3. A context-dependent flaw lets an attacker, if they control the GnuPG passphrase and the ciphertext is trusted, cause decryption of ciphertext other than intended (CWE-20: Improper Input Validation). Impact described in sources includes manipulation of enc...

7.5 CVSS · 7.2 AI score · 0.21434 EPSS
Exploits: 2 · References: 13 · Affected Software: 1
Cvelist
added 2019/03/17 5:02 p.m. · 18 views

CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

7.3 AI score · 0.21434 EPSS
Exploits: 2 · References: 13
Mageia
added 2019/03/07 4:34 p.m. · 28 views

Updated python-gnupg packages fix security vulnerability

When symmetric encryption is used, data can be injected through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt methods. The supplied passphrase is not validated for newlines, and the library passes --passphrase-fd=0 to the gpg executable, which expects the passphrase on th...

7.5 CVSS · 2.6 AI score · 0.21434 EPSS
Exploits: 2 · References: 2
OSV
added 2019/03/07 4:34 p.m. · 6 views

MGASA-2019-0105 Updated python-gnupg packages fix security vulnerability

When symmetric encryption is used, data can be injected through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt methods. The supplied passphrase is not validated for newlines, and the library passes --passphrase-fd=0 to the gpg executable, which expects the passphrase on th...

7.5 CVSS · 7.3 AI score · 0.21434 EPSS
Exploits: 2 · References: 3
OSV
added 2019/02/23 3:47 p.m. · 4 views

OPENSUSE-SU-2019:0239-1 Security update for python-python-gnupg

This update for python-python-gnupg to version 0.4.4 fixes the following issues: Security issue fixed: - CVE-2019-6690: Added a check to disallow certain control characters '\r', '\n', NUL in passphrases (boo#1123498). This update was imported from the openSUSE:Leap:15.0:Update update project...

7.5 CVSS · 7.4 AI score · 0.21434 EPSS
Exploits: 2 · References: 3
Tenable Nessus
added 2019/02/15 12:00 a.m. · 47 views

Debian DLA-1675-1 : python-gnupg security update

Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt functions when symmetric encryption is used. The supplied passphrase is n...

7.5 CVSS · 7.2 AI score · 0.21434 EPSS
Exploits: 2 · References: 3
Debian
added 2019/02/14 2:00 p.m. · 70 views

[SECURITY] [DLA 1675-1] python-gnupg security update

Package: python-gnupg; Version: 0.3.6-1+deb8u1; CVE ID: CVE-2019-6690. Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt...

7.5 CVSS · 7.3 AI score · 0.21434 EPSS
Exploits: 2
OSV
added 2019/02/14 12:00 a.m. · 25 views

DLA-1675-1 python-gnupg - security update

Bulletin has no description...

7.5 CVSS · 7.4 AI score · 0.21434 EPSS
Exploits: 2
OpenVAS
added 2019/02/13 12:00 a.m. · 27 views

Debian: Security Advisory (DLA-1675-1)

The remote host is missing an update for the Debian...

7.5 CVSS · 7.6 AI score · 0.21434 EPSS
Exploits: 2 · References: 3
OpenVAS
added 2019/02/07 12:00 a.m. · 24 views

openSUSE: Security Advisory for python-python-gnupg (openSUSE-SU-2019:0143-1)

The remote host is missing an update for the...

7.5 CVSS · 7.6 AI score · 0.21434 EPSS
Exploits: 2 · References: 2
Tenable Nessus
added 2019/02/07 12:00 a.m. · 41 views

openSUSE Security Update : python-python-gnupg (openSUSE-2019-143)

This update for python-python-gnupg to version 0.4.4 fixes the following issues: Security issue fixed: - CVE-2019-6690: Added a check to disallow certain control characters '\r', '\n', NUL in passphrases (boo#1123498)...

7.5 CVSS · 7.4 AI score · 0.21434 EPSS
Exploits: 2 · References: 2
OPENSUSE Linux
added 2019/02/07 12:00 a.m. · 188 views

Security update for python-python-gnupg (important)

openSUSE Security Update: Security update for python-python-gnupg; Announcement ID: openSUSE-SU-2019:0143-1; Rating: important; References: 1123498; Cross-References: CVE-2019-6690; Affected Products: openSUSE Leap 15.0. An update that fixes one vulnerability is now available. Description: This update...

7.5 CVSS · 7.4 AI score · 0.21434 EPSS
Exploits: 2 · References: 1
RedhatCVE
added 2019/01/29 12:19 p.m. · 29 views

CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

7.5 CVSS · 4.1 AI score · 0.21434 EPSS
Exploits: 2 · References: 3
Veracode
added 2019/01/28 6:52 a.m. · 23 views

Improper Input Validation

python-gnupg is susceptible to improper input validation. The passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt methods is not properly validated, allowing the attacker to get control of the passphrase being encrypted or decrypted by supplying a newline as input to it when...

7.5 CVSS · 7.3 AI score · 0.21434 EPSS
Exploits: 2 · References: 18 · Affected Software: 1
GithubExploit
added 2019/01/20 3:29 p.m. · 396 views

Exploit for Improper Input Validation in Python Python-Gnupg

CVE-2019-6690: Improper Input Validation in python-gnupg 0.4.3...

7.5 CVSS · 7.5 AI score · 0.21434 EPSS
Exploits: 2
Positive Technologies
added 2019/01/19 12:00 a.m. · 3 views

PT-2019-1354 · Gnupg +2 · Python-Gnupg +2

Name of the Vulnerable Software and Affected Versions: python-gnupg version 0.4.3. Description: The issue is related to improper input validation, allowing context-dependent attackers to trick gnupg into decrypting other ciphertext than intended. This can be achieved if the passphrase to gnupg is...

7.5 CVSS · 7.8 AI score · 0.21434 EPSS
Exploits: 2 · References: 66
OSV
added 2018/11/06 11:14 p.m. · 22 views

GHSA-R3VR-PRWV-86G9 python-gnupg's shell_quote function does not properly quote strings

The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$" command-substitution sequences, a different vulnerability than CVE-2014-1928...

8.7 CVSS · 7.1 AI score · 0.00727 EPSS
Exploits: 3 · References: 9
Github Security Blog
added 2018/11/06 11:14 p.m. · 26 views

python-gnupg's shell_quote function does not properly quote strings

The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$" command-substitution sequences, a different vulnerability than CVE-2014-1928...

7.5 CVSS · 7.1 AI score · 0.00727 EPSS
Exploits: 3 · References: 8 · Affected Software: 1
OSV
added 2018/11/06 11:14 p.m. · 28 views

GHSA-C2FX-8R76-GH36 python-gnupg allows context-dependent attackers to execute arbitrary commands via shell metacharacters

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...

9.8 CVSS · 6.9 AI score · 0.01162 EPSS
Exploits: 1 · References: 8