CVE-2003-0255

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.

El código de validación de claves en GnuPG 1.2.2 no determina adecuadamente la validez de claves con múltiples IDs de usuario y asigna la máxima validez (de la ID de usuario más válida), lo que impide que GnuPG advierta cuando algunas de las ID no tengan un "trusted path".

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2003-05-06 CVE Reserved
2003-05-07 CVE Published
2024-08-08 CVE Updated
2024-09-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (18)

URL	Tag	Source
http://marc.info/?l=bugtraq&m=105215110111174&w=2	Mailing List
http://marc.info/?l=bugtraq&m=105311804129104&w=2	Mailing List
http://marc.info/?l=bugtraq&m=105362224514081&w=2	Mailing List
http://www.kb.cert.org/vuls/id/397604	Third Party Advisory
http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html	X_refsource_misc
http://www.osvdb.org/4947	Vdb Entry
http://www.securityfocus.com/bid/7497	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/11930	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135	Signature

URL	Date	SRC

URL	Date	SRC
http://www.redhat.com/support/errata/RHSA-2003-175.html	2018-05-03

URL	Date	SRC
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694	2018-05-03
http://marc.info/?l=bugtraq&m=105301357425157&w=2	2018-05-03
http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html	2018-05-03
http://www.mandriva.com/security/advisories?name=MDKSA-2003:061	2018-05-03
http://www.redhat.com/support/errata/RHSA-2003-176.html	2018-05-03
http://www.turbolinux.com/security/TLSA-2003-34.txt	2018-05-03
https://access.redhat.com/security/cve/CVE-2003-0255	2003-06-23
https://bugzilla.redhat.com/show_bug.cgi?id=1617014	2003-06-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Privacy Guard Search vendor "Gnu" for product "Privacy Guard"				<= 1.2.1 Search vendor "Gnu" for product "Privacy Guard" and version " <= 1.2.1"		-		Affected