[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Denial of service vulnerability in GnuPG via malformed compressed packets - CVE-2014-4617

ID: oval:org.secpod.oval:def:21826Date: (C)2014-12-01   (M)2023-12-07
Class: VULNERABILITYFamily: unix




The host is installed with GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Successful exploitation allows context-dependent attackers to cause a denial of service.

Platform:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 5
Product:
gnupg
gnupg2
Reference:
CVE-2014-4617
CVE    1
CVE-2014-4617
CPE    66
cpe:/a:gnupg:gnupg:1.4.8
cpe:/a:gnupg:gnupg:1.0.1
cpe:/a:gnupg:gnupg:1.0.2
cpe:/a:gnupg:gnupg:1.2.0
...

© SecPod Technologies