[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-4351Date: (C)2013-10-10   (M)2024-02-09


GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
DSA-2773
DSA-2774
RHSA-2013:1459
USN-1987-1
http://www.openwall.com/lists/oss-security/2013/09/13/4
http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138
https://bugzilla.redhat.com/show_bug.cgi?id=1010137
openSUSE-SU-2013:1526
openSUSE-SU-2013:1532

CPE    29
cpe:/a:gnupg:gnupg:2.1.0:beta1
cpe:/a:gnupg:gnupg:1.4.8
cpe:/a:gnupg:gnupg:1.4.5
cpe:/a:gnupg:gnupg:1.4.3
...
CWE    1
CWE-310
OVAL    18
oval:org.secpod.oval:def:601124
oval:org.secpod.oval:def:501121
oval:org.secpod.oval:def:501124
oval:org.secpod.oval:def:105979
...

© SecPod Technologies