CVE-2019-6690 – Python GnuPG 0.4.3 Improper Input Validation

https://notcve.org/view.php?id=CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. python-gnupg 0.4.3 permite que los atacantes dependientes del contexto engañen a gnupg para descifrar texto cifrado diferente al planeado. Para realizar el ataque, la frase de contraseña para gnupg debe estar controlada por el adversario y el texto cifrado debería ser fiable. Relacionado con un problema CWE-20: validación de entradas incorrecta que afecta al componente de la funcionalidad afectada. • https://github.com/brianwrf/CVE-2019-6690 https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html http://www.securityfocus.com/bid/106756 https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability https://lists.debian.org/debian-lts-announ • CWE-20: Improper Input Validation •