// For flags

CVE-2009-3805

GPG2/Kleopatra 2.0.11 - Malformed Certificate

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.

gpg2.exe en Gpg4win v2.0.1, como el usado en KDE Kleopatra v2.0.11, permite a atacantes remotos causar una denegación de servicio (caída de programa) a través de una firma certificada larga.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-10-21 First Exploit
  • 2009-10-27 CVE Reserved
  • 2009-10-27 CVE Published
  • 2024-06-06 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gpg4win
Search vendor "Gpg4win"
Gpg4win
Search vendor "Gpg4win" for product "Gpg4win"
2.0.1
Search vendor "Gpg4win" for product "Gpg4win" and version "2.0.1"
-
Affected
in Kde-apps
Search vendor "Kde-apps"
Kleopatra
Search vendor "Kde-apps" for product "Kleopatra"
2.0.11
Search vendor "Kde-apps" for product "Kleopatra" and version "2.0.11"
-
Safe