CVE-2019-6690 – Python GnuPG 0.4.3 Improper Input Validation

https://notcve.org/view.php?id=CVE-2019-6690

25 Jan 2019 — python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. python-gnupg 0.4.3 permite que los atacantes dependientes del contexto engañen a gnupg para descifrar texto cifrado diferente al planeado. Para realizar el ataque, la frase de co... • https://packetstorm.news/files/id/151341 • CWE-20: Improper Input Validation •