Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-6690

Опубликовано: 21 мар. 2019
Источник: debian
EPSS Средний

Описание

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-gnupgfixed0.4.4-1package

Примечания

  • https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability

  • https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112

  • https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112

EPSS

Процентиль: 96%
0.22008
Средний

Связанные уязвимости

CVSS3: 7.5
ubuntu
больше 6 лет назад

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

CVSS3: 7.5
redhat
больше 6 лет назад

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

CVSS3: 7.5
nvd
больше 6 лет назад

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

suse-cvrf
больше 6 лет назад

Security update for python-python-gnupg

CVSS3: 7.5
github
больше 6 лет назад

Improper Input Validation python-gnupg

EPSS

Процентиль: 96%
0.22008
Средний