
exploitDog


CVE-2019-14855

Published: 20 Mar 2020
Source: debian

Description

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

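Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| gnupg2 | fixed | 2.2.19-1 | | package |
| gnupg2 | ignored | | buster | package |
| gnupg2 | no-dsa | | stretch | package |
| gnupg2 | ignored | | jessie | package |
| gnupg1 | unfixed | | | package |
| gnupg | removed | | | package |
| gnupg | ignored | | jessie | package |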

Notes

  • https://dev.gnupg.org/T4755

  • https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4

  • https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=7d9aad63c4f1aefe97da61baf5acd96c12c0278e

  • https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dd18be979e138dd3712315ee390463e8ee1fe8c1

  • https://eprint.iacr.org/2020/014.pdf

  • Negligible security impact for gnupg1 which is only provided to decrypt legacy secrets

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 6 years ago

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

CVSS3: 5.3
redhat
about 6 years ago

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

CVSS3: 7.5
nvd
almost 6 years ago

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

CVSS3: 7.5
github
more than 3 years ago

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

CVSS3: 7.5
fstec
about 6 years ago

A vulnerability in GnuPG, a program for encrypting information and creating electronic digital signatures, related to weak encryption, allowing an attacker to gain access to confidential data