Description
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the write_status_text_and_buffer() function in g10/cpr.c. This flaw allows a malicious actor to bypass access control.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | gnupg2 | Out of support scope | ||
Red Hat Enterprise Linux 6 | gpgme | Not affected | ||
Red Hat Enterprise Linux 7 | gnupg2 | Out of support scope | ||
Red Hat Enterprise Linux 7 | gpgme | Not affected | ||
Red Hat Enterprise Linux 8 | gpgme | Not affected | ||
Red Hat Enterprise Linux 9 | gpgme | Not affected | ||
Red Hat Enterprise Linux 8 | gnupg2 | Fixed | RHSA-2022:6463 | 13.09.2022 |
Red Hat Enterprise Linux 9 | gnupg2 | Fixed | RHSA-2022:6602 | 20.09.2022 |
Additional information
Status:
EPSS
CVSS3: 5.9 Medium