
CVE-2019-6690
Date: (C) 2019-06-19   (M) 2023-12-22


python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg into decrypting a ciphertext other than the one intended. To perform the attack, the passphrase given to gnupg must be controlled by the adversary and the ciphertext should be trusted. The issue is related to "CWE-20: Improper Input Validation".

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.5
Exploit Score: 3.9
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: NONE

CVSS V2 Severity:
CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:
BID-106756
https://seclists.org/bugtraq/2019/Jan/41
FEDORA-2019-06f5bbdaf5
FEDORA-2020-17fb3273b2
FEDORA-2020-e67d007a67
SU-2019:0143-1
SUSE-SU-2019:0239-1
USN-3964-1
https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html
http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html
https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/
https://pypi.org/project/python-gnupg/#history

CPE    3
cpe:/o:debian:debian_linux:9.0
cpe:/o:debian:debian_linux:8.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
CWE    1
CWE-20
OVAL    6
oval:org.secpod.oval:def:54589
oval:org.secpod.oval:def:116770
oval:org.secpod.oval:def:118472
oval:org.secpod.oval:def:1901087
...

© SecPod Technologies