CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 2CVE-2022-3515 – GnuPG libksba CRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-3515
17 Oct 2022 — A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GnuPG libksba. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the i... • https://access.redhat.com/security/cve/CVE-2022-3515 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25125
https://notcve.org/view.php?id=CVE-2020-25125
03 Sep 2020 — GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version. GnuPG versiones 2.2.21 y 2.2.22 (y Gpg4win versión 3.1.12), presenta un desbordamiento de la matriz, conllevando a un bloqueo o posiblemente otro impacto no especificado, cuando una víct... • http://www.openwall.com/lists/oss-security/2020/09/03/4 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 3CVE-2009-3805 – GPG2/Kleopatra 2.0.11 - Malformed Certificate
https://notcve.org/view.php?id=CVE-2009-3805
27 Oct 2009 — gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature. gpg2.exe en Gpg4win v2.0.1, como el usado en KDE Kleopatra v2.0.11, permite a atacantes remotos causar una denegación de servicio (caída de programa) a través de una firma certificada larga. • https://www.exploit-db.com/exploits/9884 •
CVSS: 10.0EPSS: 8%CPEs: 32EXPL: 0CVE-2006-6235
https://notcve.org/view.php?id=CVE-2006-6235
07 Dec 2006 — A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. Una vulnerabilidad de "escritura en pila" en GnuPG (gpg) 1.x anterior a la 1.4.6, 2.x anterior a la 2.0.2 y 1.9.0 hasta la 1.9.95 permite a atacantes ejecutar código de su elección mediante paquetes OpenPGP artesanales que provocan que GnuPG haga re... • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc •