17 matches found
MiracleLinux 8 : gnupg2-2.2.20-3.el8 (AXSA:2022-3833:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3833:01 advisory. gpg: Signature spoofing via status line injection CVE-2022-34903 Tenable has extracted the preceding description block directly from the MiracleLinux securit...
MiracleLinux 9 : gnupg2-2.3.3-2.el9 (AXSA:2022-4062:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4062:02 advisory. gpg: Signature spoofing via status line injection CVE-2022-34903 Tenable has extracted the preceding description block directly from the MiracleLinux securit...
JLSEC-2025-92 GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information fr...
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...
Rocky Linux 8 : gnupg2 (RLSA-2022:6463)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6463 advisory. - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of...
SUSE CVE-2022-34903
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...
gpg: Signature spoofing via status line injection
A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the writestatustextandbuffer function in g10/cpr.c. This flaw allows a malicious actor to bypass access control...
gnupg2 security update
An update is available for gnupg2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating...
gpg: Signature spoofing via status line injection
A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the writestatustextandbuffer function in g10/cpr.c. This flaw allows a malicious actor to bypass access control...
CLSA-2022-1657815972 Fix CVE(s): CVE-2022-34903
SECURITY UPDATE: signature forgery via injection into the status line - debian/patches/CVE-2022-34903.patch: Fix garbled status messages in NOTATIONDATA in g10/cpr.c. - CVE-2022-34903...
GnuPG through 2.3.6 in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g. use of GPGME) are met allows signature forgery via injection into the status line.
...
CVE-2022-34903
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...
CVE-2022-34903
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...
CVE-2022-34903
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...
CVE-2022-34903
CVE-2022-34903 affects GnuPG up to version 2.3.6; under certain conditions (e.g., attacker possesses secret-key data and use of GPGME) it allows signature forgery via status-line injection. Advisories indicate a fix in gnupg2 2.3.7-1 (or later) across multiple distributions (e.g., Debian/Cloud, A...
CVE-2022-34903
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...
CVE-2022-34903
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...
GnuPG 注入漏洞
GnuPG is a suite of open source cryptographic software from the GNU community under the GNU General Public License. The software supports public key, symmetric encryption, hashing, and other algorithms. Versions of GnuPG prior to 2.3.6 suffer from an injection vulnerability that stems from an...