[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-4617Date: (C)2014-06-25   (M)2023-12-22


The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-59213
SECUNIA-59351
SECUNIA-59534
SECUNIA-59578
DSA-2967
DSA-2968
USN-2258-1
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
openSUSE-SU-2014:0866

CPE    64
cpe:/a:gnupg:gnupg:1.4.8
cpe:/o:opensuse:opensuse:12.3
cpe:/o:debian:debian_linux:7.0
cpe:/a:gnupg:gnupg:1.0.1
...
CWE    1
CWE-20
OVAL    11
oval:org.secpod.oval:def:702095
oval:org.secpod.oval:def:601702
oval:org.secpod.oval:def:601703
oval:org.secpod.oval:def:1600148
...

© SecPod Technologies