CVSS: 5.0EPSS: 1%CPEs: 64EXPL: 0CVE-2014-4617
https://notcve.org/view.php?id=CVE-2014-4617
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. La función do_uncompress en g10/compress.c en GnuPG 1.x anterior a 1.4.17 y 2.x anterior a 2.0.24 permite a atacantes dependientes de contexto causar una denegación de servicio (bucle infinito) a través de paquetes comprimidos malformados, tal y como fue demostrado por una secuencia de bytes a3 01 5b ff. • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html http://secunia.com/advisories/59213 http://secunia.com/advisories/59351 http://secunia.com/ad • CWE-20: Improper Input Validation •
CVSS: 2.9EPSS: 0%CPEs: 43EXPL: 0CVE-2013-4576 – gnupg: RSA secret key recovery via acoustic cryptanalysis
https://notcve.org/view.php?id=CVE-2013-4576
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE. GnuPG 1.x anteriores a 1.4.16 genera claves RSA utilizando secuencias de introducciones con ciertos patrones que introducen un ataque de canal lateral, lo cual permite a atacantes físicamente próximos extraer claves RSA a través de un ataque de texto cifrado elegido y criptoanálisis acústico durante el descifrado. • http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html http://osvdb.org/101170 http://rhn.redhat.com/errata/RHSA-2014-0016.html http://seclists.org/oss-sec/2013/q4/520 http://seclists.org/oss-sec/2013/q4/523 http://www.cs.tau.ac.il/~tromer/acoustic http://www.debian.org/security/2013/dsa-2821 http://www.securityfocus.com/bid/64424 http://www.securitytracker.com/id/1029513 http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf ht • CWE-255: Credentials Management Errors •
CVSS: 1.9EPSS: 0%CPEs: 96EXPL: 0CVE-2013-4242 – GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
https://notcve.org/view.php?id=CVE-2013-4242
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. GnuPG anterior a 1.4.14, y Libgcrypt anterior a 1.5.3 usado en GnuPG 2.0.x y posiblemente otros productos, permite a usuarios locales obtener las claves RSA privadas a través de un ataque "side-channel" que involucra la caché L3. Aka Flush+Reload. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 http://eprint.iacr.org/2013/448 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-1457.html http://secunia.com/advisories/54318 http://secunia.com/advisories/54321 http://secunia.com/advisories/54332 http://secunia.com/advisories/54375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 32%CPEs: 2EXPL: 1CVE-2007-1263 – GnuPG 1.x - Signed Message Arbitrary Content Injection
https://notcve.org/view.php?id=CVE-2007-1263
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. GnuPG 1.4.6 y anteriores y GPGME anterior a 1.1.4, al ser ejecutado desde la línea de comandos, no distingue visualmente trozos firmados de no firmados en mensajes OpenPGP con múltiples componentes, lo cual podría permitir a atacantes remotos falsificar el contenido de un mensaje sin ser detectado. • https://www.exploit-db.com/exploits/29689 ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2775 http://fedoranews.org/cms/node/2776 http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html http://secunia.com/advisories/24365 http://secunia.com/advisories/24407 http://secunia.com/advisories/24419 http://secunia.com/advisories/24420 http •
CVSS: 5.0EPSS: 74%CPEs: 2EXPL: 1CVE-2006-3082 – GnuPG 1.4.3/1.9.x - Parse_User_ID Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-3082
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option. parse-packet.c en GnuPG (gpg) v1.4.3, v1.9.20 y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída de gpg) y posiblemente sobrescribir la memoria a través de un paquete de mensajes de gran longitud (con un ID de usuario demasiado largo), lo cual podría llevar a un desbordamiento de enteros, tal y como se demuestra con la opción '-no-armor'. • https://www.exploit-db.com/exploits/28077 ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157 http://seclists.org/lists/fulldisclosure/2006/May/0774.html http://seclists.org/lists/fulldisclosure/2006/May/0782.html http://seclists.org/lists/fulldisclosure/2006/May/0789.html http://secunia.com/advisories/20783 http://secunia.com/advisories/20801 http://secunia.com&#x • CWE-189: Numeric Errors •