GnuPG (Privacy Guard) 2.0.21

CPE Details

GnuPG (Privacy Guard) 2.0.21
gnupg
gnupg
2.0.21
2013-10-29
16h05 +00:00
2023-06-06
16h58 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnupg:gnupg:2.0.21:*:*:*:*:*:*:*

Informations

Vendor

gnupg

Product

gnupg

Version

2.0.21

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-34903 2022-07-01
19h05 +00:00		 GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
6.5
Medium
CVE-2019-14855 2020-03-19
23h00 +00:00		 A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
7.5
High
CVE-2011-2207 2019-11-27
17h06 +00:00		 dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.
5.3
Medium
CVE-2015-1607 2019-11-20
17h30 +00:00		 kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
5.5
Medium
CVE-2015-1606 2019-11-20
17h30 +00:00		 The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
5.5
Medium
CVE-2019-13050 2019-06-29
14h07 +00:00		 Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
7.5
High
CVE-2018-12020 2018-06-08
19h00 +00:00		 mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
7.5
High
CVE-2014-4617 2014-06-25
08h00 +00:00		 The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
5
CVE-2013-4402 2013-10-28
21h00 +00:00		 The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
5