Описание
SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:slackroll:slackroll:7:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00323
Низкий
6.4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures.
EPSS
Процентиль: 55%
0.00323
Низкий
6.4 Medium
CVSS2
Дефекты
NVD-CWE-Other