CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 1CVE-2019-13050 – GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS
https://notcve.org/view.php?id=CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. La interacción entre el código sks-keyserver hasta versión 1.2.0 de la red SKS keyserver, y GnuPG hasta la versión 2.2.16, hace arriesgado tener una línea de configuración keyserver de GnuPG que se refiera a un host en la red SKS keyserver. La recuperación de datos de esta red puede causar una denegación de servicio persistente, debido a un Ataque de Spamming de Certificado. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://lists.fedoraproject.org/archives/list/pack • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-1000858 – gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service
https://notcve.org/view.php?id=CVE-2018-1000858
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060. GnuPG, de la versión 2.1.12 a la 2.2.11, contiene una vulnerabilidad Cross-Site Request Forgery (CSRF) en dirmngr que puede resultar en CSRF controlado por el atacante, una divulgación de información o una denegación de servicio (DoS). El ataque parece ser explotable mediante una víctima que realice una petición WKD, por ejemplo, la introducción de una dirección de correo electrónico en la ventana "composer" de Thunderbird/Enigmail. • https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html https://usn.ubuntu.com/3853-1 https://access.redhat.com/security/cve/CVE-2018-1000858 https://bugzilla.redhat.com/show_bug.cgi?id=1663917 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2018-12020 – gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification
https://notcve.org/view.php?id=CVE-2018-12020
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. mainproc.c en GnuPG en versiones anteriores a la 2.2.8 gestiona de manera incorrecta el nombre de archivo original durante las acciones de descifrado y verificación, lo que permite que atacantes remotos suplanten la salida que GnuPG envía en el descriptor de archivo 2 a otros programas que emplean la opción "--status-fd 2". Por ejemplo, los datos OpenPGP podrían representar un nombre de archivo original que contiene caracteres de nueva línea junto con los códigos de estado GOODSIG o VALIDSIG. A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. • http://openwall.com/lists/oss-security/2018/06/08/2 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html http://seclists.org/fulldisclosure/2019/Apr/38 http://www.openwall.com/lists/oss-security/2019/04/30/4 http://www.securityfocus.com/bid/104450 http://www.securitytracker.com/id/1041051 https://access.redhat.com/errata/RHSA-2018:2180 https://access.redhat.com/errata/RHSA-2018:2181 https://dev.gnupg.org/T4012 https://github.com/RUB-NDS/Johnny&# • CWE-20: Improper Input Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9234
https://notcve.org/view.php?id=CVE-2018-9234
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. GnuPG 2.2.4 y 2.2.5 no aplica una configuración en la que la certificación de claves requiere una clave maestra Certify offline. Esto resulta en que certificados aparentemente válidos ocurran solo con acceso a una subclave de firma. • https://dev.gnupg.org/T3844 https://usn.ubuntu.com/3675-1 • CWE-320: Key Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1607
https://notcve.org/view.php?id=CVE-2015-1607
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." El archivo kbx/keybox-search.c en GnuPG versiones anteriores a 1.4.19, versiones 2.0.x anteriores a 2.0.27 y versiones 2.1.x anteriores a 2.1.2, no maneja apropiadamente los cambios a la izquierda bit a bit, lo que permite a atacantes remotos causar una denegación de servicio (operación de lectura no válida) por medio de un archivo de llavero diseñado, relacionado con extensiones de signo y "memcpy with overlapping ranges." • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392 http://www.openwall.com/lists/oss-security/2015/02/13/14 http://www.openwall.com/lists/oss-security/2015/02/14/6 http://www.securityfocus.com/bid/72610 http://www.ubuntu.com/usn/usn-2554-1 https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html https:// • CWE-20: Improper Input Validation •