[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-6085Date: (C)2013-01-24   (M)2024-02-09


The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-57102
FEDORA-2013-0148
FEDORA-2013-0377
MDVSA-2013:001
RHSA-2013:1459
USN-1682-1
http://www.openwall.com/lists/oss-security/2013/01/01/6
gnupg-public-keys-code-exec(80990)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67
https://bugs.g10code.com/gnupg/issue1455
https://bugzilla.redhat.com/show_bug.cgi?id=891142

CWE    1
CWE-20
OVAL    16
oval:org.secpod.oval:def:1300152
oval:org.secpod.oval:def:302990
oval:org.secpod.oval:def:600945
oval:org.secpod.oval:def:501121
...

© SecPod Technologies