Lucene search
Veracode Vulnerability DatabaseVERACODE:26820HistorySep 21, 2020 - 6:19 a.m.
Denial Of Service (DoS)
2020-09-2106:19:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
0.01 Low
EPSS
Percentile
83.7%
pgpdump:precise is vulnerable to denial of service (DoS). The read_binary function in buffer.c in pgpdump allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pgpdump:precise | eq | 0.27 | |
| pgpdump:precise | eq | 0.27 |
References
lists.fedoraproject.org/pipermail/package-announce/2016-May/183750.html
lists.fedoraproject.org/pipermail/package-announce/2016-May/184617.html
lists.fedoraproject.org/pipermail/package-announce/2016-May/184689.html
seclists.org/bugtraq/2016/Apr/99
github.com/kazu-yamamoto/pgpdump/pull/16
www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt
Related
cve
cve
CVE-2016-4021
2016-05-26 14:59:01
packetstorm
packetstorm
pgpdump 0.29 Endless Loop
2016-04-18 00:00:00
prion
prion
Design/Logic Flaw
2016-05-26 14:59:00
nessus
nessus
Fedora 24 : pgpdump-0.30-1.fc24 (2016-8f4b54b005)
2016-05-09 00:00:00
Fedora 22 : pgpdump-0.30-1.fc22 (2016-6fd7a31d36)
2016-05-12 00:00:00
Fedora 23 : pgpdump-0.30-1.fc23 (2016-5733ad20f5)
2016-05-12 00:00:00
archlinux
archlinux
pgpdump: denial of service
2016-04-22 00:00:00
imlib2: multiple issues
2016-05-01 00:00:00
imlib2: multiple issues
2016-05-01 00:00:00
openvas
openvas
Fedora Update for pgpdump FEDORA-2016-8
2016-05-08 00:00:00
Fedora Update for pgpdump FEDORA-2016-6
2016-05-11 00:00:00
Mageia: Security Advisory (MGASA-2016-0157)
2016-05-09 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: pgpdump-0.30-1.fc24
2016-05-07 12:30:59
[SECURITY] Fedora 23 Update: pgpdump-0.30-1.fc23
2016-05-10 18:08:58
[SECURITY] Fedora 22 Update: pgpdump-0.30-1.fc22
2016-05-10 17:59:30
debiancve
debiancve
CVE-2016-4021
2016-05-26 14:59:01
cvelist
cvelist
CVE-2016-4021
2016-05-26 14:00:00
nvd
nvd
CVE-2016-4021
2016-05-26 14:59:01
mageia
mageia
Updated pgpdump packages fix security vulnerability
2016-04-29 20:21:35
osv
osv
pgpdump - security update
2016-12-30 00:00:00
ubuntucve
ubuntucve
CVE-2016-4021
2016-05-26 00:00:00
debian
debian
[SECURITY] [DLA 768-1] pgpdump security update
2016-12-30 21:33:55