CVSS: 10.0EPSS: 0%CPEs: 96EXPL: 0CVE-2013-4242 – GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
https://notcve.org/view.php?id=CVE-2013-4242
29 Jul 2013 — GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. GnuPG anterior a 1.4.14, y Libgcrypt anterior a 1.5.3 usado en GnuPG 2.0.x y posiblemente otros productos, permite a usuarios locales obtener las claves RSA privadas a través de un ataque "side-channel" que involucra la caché L3. Aka Flush+Reload. The GNU Privacy Guard is a tool for encrypti... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 5%CPEs: 27EXPL: 1CVE-2012-6085 – GnuPG: read_block() corrupt key input validation
https://notcve.org/view.php?id=CVE-2012-6085
24 Jan 2013 — The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet. La función "read_block" en g10/import.c en GnuPG v1.4.x anterior a v1.4.13 y v2.0.x a la v2.0.19, cuando se importa una clave, permite a atacantes remotos corromper la base de datos del anillo de claves publicas (caída de la aplicació... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commitdiff%3Bh=f0b33b6fb8e0586e9584a7a409dcc31263776a67 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 14%CPEs: 3EXPL: 0CVE-2010-2547 – 2: use-after-free when importing certificate with many alternate names
https://notcve.org/view.php?id=CVE-2010-2547
05 Aug 2010 — Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. Vulnerabilidad de uso después de la liberación (use-after-free) en kbx/keybox-blob.c en GPGSM de GnuPG v2.x hasta v2.0.16 permite a atacantes remotos ... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html • CWE-416: Use After Free •