Описание
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | gnupg2 | Fix deferred | ||
| Red Hat Enterprise Linux 6 | gnupg2 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | gnupg2 | Out of support scope | ||
| Red Hat Enterprise Linux 8 | gnupg2 | Out of support scope | ||
| Red Hat Enterprise Linux 9 | gnupg2 | Fix deferred |
Показывать по
Дополнительная информация
Статус:
2.7 Low
CVSS3
Связанные уязвимости
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
In GnuPG before 2.5.5, if a user chooses to import a certificate with ...
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
2.7 Low
CVSS3