Описание
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2.4.4-2ubuntu23 |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | not-affected | 2.2.19-3ubuntu2.4 |
| esm-infra/xenial | needs-triage | |
| focal | released | 2.2.19-3ubuntu2.4 |
| jammy | released | 2.2.27-3ubuntu2.3 |
| noble | released | 2.4.4-2ubuntu17.2 |
| oracular | released | 2.4.4-2ubuntu18.2 |
| plucky | released | 2.4.4-2ubuntu23 |
| upstream | released | 2.5.5 |
Показывать по
EPSS
2.7 Low
CVSS3
Связанные уязвимости
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
In GnuPG before 2.5.5, if a user chooses to import a certificate with ...
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
EPSS
2.7 Low
CVSS3