Description
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | DNE | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | needed | |
| esm-apps/xenial | needed | |

| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | released | 1.4.16-1ubuntu2.5 |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 1.4.20-1ubuntu3.2 |
| focal | DNE | |

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | not-affected | 1.4.22-5 |
| disco | ignored | end of life |
| eoan | not-affected | 1.4.22-5 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 1.4.22-5 |
| esm-apps/jammy | not-affected | 1.4.22-5 |
| esm-apps/noble | not-affected | 1.4.22-5 |

| Release | Status | Note |
|---|---|---|
| artful | released | 2.1.15-1ubuntu8.1 |
| bionic | released | 2.2.4-1ubuntu1.1 |
| cosmic | released | 2.2.8-1ubuntu1 |
| devel | released | 2.2.8-1ubuntu1 |
| disco | released | 2.2.8-1ubuntu1 |
| eoan | released | 2.2.8-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2.0.22-3ubuntu1.4]] |
| esm-infra/bionic | released | 2.2.4-1ubuntu1.1 |
| esm-infra/focal | released | 2.2.8-1ubuntu1 |
| esm-infra/xenial | released | 2.1.11-6ubuntu2.1 |

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 0.4.1-1ubuntu1.18.04.1 |
| cosmic | released | 0.4.1-1ubuntu1.18.10.1 |
| devel | not-affected | 0.4.3-1ubuntu1 |
| disco | not-affected | 0.4.3-1ubuntu1 |
| eoan | not-affected | 0.4.3-1ubuntu1 |
| esm-apps/bionic | released | 0.4.1-1ubuntu1.18.04.1 |
| esm-apps/focal | not-affected | 0.4.3-1ubuntu1 |
| esm-apps/jammy | not-affected | 0.4.3-1ubuntu1 |
| esm-apps/noble | not-affected | 0.4.3-1ubuntu1 |

EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High