CVE-2018-12020 – gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification
https://notcve.org/view.php?id=CVE-2018-12020
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. mainproc.c en GnuPG en versiones anteriores a la 2.2.8 gestiona de manera incorrecta el nombre de archivo original durante las acciones de descifrado y verificación, lo que permite que atacantes remotos suplanten la salida que GnuPG envía en el descriptor de archivo 2 a otros programas que emplean la opción "--status-fd 2". Por ejemplo, los datos OpenPGP podrían representar un nombre de archivo original que contiene caracteres de nueva línea junto con los códigos de estado GOODSIG o VALIDSIG. A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. • http://openwall.com/lists/oss-security/2018/06/08/2 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html http://seclists.org/fulldisclosure/2019/Apr/38 http://www.openwall.com/lists/oss-security/2019/04/30/4 http://www.securityfocus.com/bid/104450 http://www.securitytracker.com/id/1041051 https://access.redhat.com/errata/RHSA-2018:2180 https://access.redhat.com/errata/RHSA-2018:2181 https://dev.gnupg.org/T4012 https://github.com/RUB-NDS/Johnny • CWE-20: Improper Input Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVE-2015-1607
https://notcve.org/view.php?id=CVE-2015-1607
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." El archivo kbx/keybox-search.c en GnuPG versiones anteriores a 1.4.19, versiones 2.0.x anteriores a 2.0.27 y versiones 2.1.x anteriores a 2.1.2, no maneja apropiadamente los cambios a la izquierda bit a bit, lo que permite a atacantes remotos causar una denegación de servicio (operación de lectura no válida) por medio de un archivo de llavero diseñado, relacionado con extensiones de signo y "memcpy with overlapping ranges." • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392 http://www.openwall.com/lists/oss-security/2015/02/13/14 http://www.openwall.com/lists/oss-security/2015/02/14/6 http://www.securityfocus.com/bid/72610 http://www.ubuntu.com/usn/usn-2554-1 https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html https:// • CWE-20: Improper Input Validation •
CVE-2015-1606
https://notcve.org/view.php?id=CVE-2015-1606
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file. La base de datos de llavero en GnuPG versiones anteriores a la versión 2.1.2, no maneja apropiadamente los paquetes no válidos, lo que permite a atacantes remotos causar una denegación de servicio (lectura no válida y uso de la memoria previamente liberada) por medio de un archivo de llavero especialmente diseñado. • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648 http://www.debian.org/security/2015/dsa-3184 http://www.openwall.com/lists/oss-security/2015/02/13/14 http://www.openwall.com/lists/oss-security/2015/02/14/6 http://www.securitytracker.com/id/1031876 https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html • CWE-416: Use After Free •
CVE-2014-9087
https://notcve.org/view.php?id=CVE-2014-9087
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. Desbordamiento de enteros en la función ksba_oid_to_str en Libksba anterior a 1.3.2, utilizado en GnuPG, permite a atacantes remotos causar una denegación de servicio (caída) a través de un OID manipulado en (1) un mensaje S/MIME o (2) datos OpenPGP basados en ECC, lo que provoca un desbordamiento de buffer. • http://advisories.mageia.org/MGASA-2014-0498.html http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html http://secunia.com/advisories/60073 http://secunia.com/advisories/60189 http://secunia.com/advisories/60233 http://www.debian.org/security/2014/dsa-3078 http://www.mandriva.com/security/advisories?name=MDVSA-2014:234 http://www.mandriva.com/security/advisories?name=MDVSA-2015:151 http://www.securityfocus.com/bid/71285 http://www.ubuntu.com/usn/USN-2427-1 http • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2013-4351 – gnupg: treats no-usage-permitted keys as all-usages-permitted
https://notcve.org/view.php?id=CVE-2013-4351
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. GnuPG 1.4.x, y 2.1.x trata un subpaquete de flags clave con todos los bits a 0 (sin uso permitido) como si tuviera todos los bits establecidos (todo uso permitido) lo que permitiría a atacantes remotos evadir mecanismos de protección criptográfica intencionada mediante el aprovechamiento de la subclave. • http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html http://rhn.redhat.com/errata/RHSA-2013-1459.html http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138 http://ubuntu.com/usn/usn-1987-1 http://www.debian.org/security/2013/dsa-2773 http://www.debian.org/security/2013/dsa-2774 http://www.openwall.com/lists/oss-security/2013/09/13/4 https://bugzilla.redhat.com/show_ • CWE-310: Cryptographic Issues •