Veracode Vulnerability DatabaseVERACODE:13276Improper Input Validation
EPSS
Percentile
86.0%
python-gnupg is susceptible to improper input validation. The passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() methods are not properly validated, allowing the attacker to get control of the passphrase being encrypted or decrypted by supplying a newline as input to it when symmetric encryption is used.
References
lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html
lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html
packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html
www.securityfocus.com/bid/106756
blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/
github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
lists.debian.org/debian-lts-announce/2019/02/msg00021.html
lists.debian.org/debian-lts-announce/2021/12/msg00027.html
lists.fedoraproject.org/archives/list/[email protected]/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/
lists.fedoraproject.org/archives/list/[email protected]/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/
lists.fedoraproject.org/archives/list/[email protected]/message/X4VFRUG56542LTYK4444TPJBGR57MT25/
pypi.org/project/python-gnupg/#history
seclists.org/bugtraq/2019/Jan/41
usn.ubuntu.com/3964-1/
www.mail-archive.com/[email protected]/msg49881.html
Related
