CVE-2022-34903

Опубликовано: 01 июл. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 5.8

EPSS Низкий

Описание

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

Ссылки

http://www.openwall.com/lists/oss-security/2022/07/02/1
Exploit
Mailing List
Third Party Advisory
https://bugs.debian.org/1014157
Issue Tracking
Mailing List
Patch
Third Party Advisory
https://dev.gnupg.org/T6027
Issue Tracking
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/
https://security.netapp.com/advisory/ntap-20220826-0005/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5174
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/06/30/1
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/07/02/1
Exploit
Mailing List
Third Party Advisory
https://bugs.debian.org/1014157
Issue Tracking
Mailing List
Patch
Third Party Advisory
https://dev.gnupg.org/T6027
Issue Tracking
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/
https://security.netapp.com/advisory/ntap-20220826-0005/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5174
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/06/30/1
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*

Версия до 2.3.6 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.0112

Низкий

6.5 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

CVE-2022-34903

CVSS3: 6.5

ubuntu

почти 3 года назад

CVE-2022-34903

CVSS3: 5.9

redhat

почти 3 года назад

CVE-2022-34903

CVSS3: 6.5

msrc

почти 3 года назад

Описание отсутствует

CVE-2022-34903

CVSS3: 6.5

debian

почти 3 года назад

GnuPG through 2.3.6, in unusual situations where an attacker possesses ...

SUSE-SU-2022:3144-1

suse-cvrf

почти 3 года назад

Security update for gpg2

EPSS

Процентиль: 77%

0.0112

Низкий

6.5 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-74