Описание
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Ссылки
- ExploitIssue Tracking
- Issue Tracking
- Mailing ListRelease NotesVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
2.7 Low
CVSS3
4.7 Medium
CVSS3
Дефекты
Связанные уязвимости
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
In GnuPG before 2.5.5, if a user chooses to import a certificate with ...
EPSS
2.7 Low
CVSS3
4.7 Medium
CVSS3