CVE-2013-4351
gnupg: treats no-usage-permitted keys as all-usages-permitted
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.
GnuPG 1.4.x, y 2.1.x trata un subpaquete de flags clave con todos los bits a 0 (sin uso permitido) como si tuviera todos los bits establecidos (todo uso permitido) lo que permitiría a atacantes remotos evadir mecanismos de protección criptográfica intencionada mediante el aprovechamiento de la subclave.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2013-10-09 CVE Published
- 2023-08-22 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2013/09/13/4 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html | 2014-01-04 | |
| http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html | 2014-01-04 | |
| http://rhn.redhat.com/errata/RHSA-2013-1459.html | 2014-01-04 | |
| http://ubuntu.com/usn/usn-1987-1 | 2014-01-04 | |
| http://www.debian.org/security/2013/dsa-2773 | 2014-01-04 | |
| http://www.debian.org/security/2013/dsa-2774 | 2014-01-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1010137 | 2013-10-24 | |
| https://access.redhat.com/security/cve/CVE-2013-4351 | 2013-10-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.0 Search vendor "Gnupg" for product "Gnupg" and version "1.4.0" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.2 Search vendor "Gnupg" for product "Gnupg" and version "1.4.2" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.3 Search vendor "Gnupg" for product "Gnupg" and version "1.4.3" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.4 Search vendor "Gnupg" for product "Gnupg" and version "1.4.4" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.5 Search vendor "Gnupg" for product "Gnupg" and version "1.4.5" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.6 Search vendor "Gnupg" for product "Gnupg" and version "1.4.6" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.8 Search vendor "Gnupg" for product "Gnupg" and version "1.4.8" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.10 Search vendor "Gnupg" for product "Gnupg" and version "1.4.10" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.11 Search vendor "Gnupg" for product "Gnupg" and version "1.4.11" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.12 Search vendor "Gnupg" for product "Gnupg" and version "1.4.12" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.13 Search vendor "Gnupg" for product "Gnupg" and version "1.4.13" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0 Search vendor "Gnupg" for product "Gnupg" and version "2.0" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.1 Search vendor "Gnupg" for product "Gnupg" and version "2.0.1" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.3 Search vendor "Gnupg" for product "Gnupg" and version "2.0.3" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.4 Search vendor "Gnupg" for product "Gnupg" and version "2.0.4" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.5 Search vendor "Gnupg" for product "Gnupg" and version "2.0.5" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.6 Search vendor "Gnupg" for product "Gnupg" and version "2.0.6" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.7 Search vendor "Gnupg" for product "Gnupg" and version "2.0.7" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.8 Search vendor "Gnupg" for product "Gnupg" and version "2.0.8" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.10 Search vendor "Gnupg" for product "Gnupg" and version "2.0.10" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.11 Search vendor "Gnupg" for product "Gnupg" and version "2.0.11" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.12 Search vendor "Gnupg" for product "Gnupg" and version "2.0.12" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.13 Search vendor "Gnupg" for product "Gnupg" and version "2.0.13" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.14 Search vendor "Gnupg" for product "Gnupg" and version "2.0.14" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.15 Search vendor "Gnupg" for product "Gnupg" and version "2.0.15" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.16 Search vendor "Gnupg" for product "Gnupg" and version "2.0.16" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.17 Search vendor "Gnupg" for product "Gnupg" and version "2.0.17" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.18 Search vendor "Gnupg" for product "Gnupg" and version "2.0.18" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.0.19 Search vendor "Gnupg" for product "Gnupg" and version "2.0.19" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 2.1.0 Search vendor "Gnupg" for product "Gnupg" and version "2.1.0" | beta1 |
Affected
| ||||||