CVE-2015-1607
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
El archivo kbx/keybox-search.c en GnuPG versiones anteriores a 1.4.19, versiones 2.0.x anteriores a 2.0.27 y versiones 2.1.x anteriores a 2.1.2, no maneja apropiadamente los cambios a la izquierda bit a bit, lo que permite a atacantes remotos causar una denegación de servicio (operación de lectura no válida) por medio de un archivo de llavero diseñado, relacionado con extensiones de signo y "memcpy with overlapping ranges."
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-14 CVE Reserved
- 2015-04-01 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392 | X_refsource_misc | |
http://www.openwall.com/lists/oss-security/2015/02/13/14 | Mailing List | |
http://www.openwall.com/lists/oss-security/2015/02/14/6 | Mailing List | |
http://www.securityfocus.com/bid/72610 | Third Party Advisory | |
http://www.ubuntu.com/usn/usn-2554-1 | Third Party Advisory | |
https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | < 1.4.19 Search vendor "Gnupg" for product "Gnupg" and version " < 1.4.19" | - |
Affected
| ||||||
Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | >= 2.0 < 2.0.27 Search vendor "Gnupg" for product "Gnupg" and version " >= 2.0 < 2.0.27" | - |
Affected
| ||||||
Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | >= 2.1.0 < 2.1.2 Search vendor "Gnupg" for product "Gnupg" and version " >= 2.1.0 < 2.1.2" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10" | - |
Affected
|