Denial of service vulnerability in GnuPG via malformed compressed packets - CVE-2014-4617ID: oval:org.secpod.oval:def:21826 | Date: (C)2014-12-01 (M)2023-12-07 |
Class: VULNERABILITY | Family: unix |
The host is installed with GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Successful exploitation allows context-dependent attackers to cause a denial of service.
Platform: |
Red Hat Enterprise Linux 6 |
Red Hat Enterprise Linux 7 |
Red Hat Enterprise Linux 5 |