CVE-2022-3219

Опубликовано: 15 сент. 2022

Источник: redhat

CVSS3: 6.2

Описание

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	gnupg2	Out of support scope
Red Hat Enterprise Linux 7	gnupg2	Out of support scope
Red Hat Enterprise Linux 8	gnupg2	Fix deferred
Red Hat Enterprise Linux 9	gnupg2	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=2127010gnupg: denial of service issue (resource consumption) using compressed packets

6.2 Medium

CVSS3

Связанные уязвимости

CVE-2022-3219

CVSS3: 3.3

ubuntu

почти 3 года назад

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

CVE-2022-3219

CVSS3: 3.3

nvd

почти 3 года назад

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

CVE-2022-3219

CVSS3: 3.3

debian

почти 3 года назад

GnuPG can be made to spin on a relatively small input by (for example) ...

GHSA-pf7g-97vv-qmrr

CVSS3: 5.5

github

почти 3 года назад

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

6.2 Medium

CVSS3