CVSS2 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:P |

EPSS | Value |
---|---|
Percentile | 92.8% |
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and
2.0.x through 2.0.19, when importing a key, allows remote attackers to
corrupt the public keyring database or cause a denial of service
(application crash) via a crafted length field of an OpenPGP packet.
Author | Note |
---|---|
seth-arnold | Reproducer key available from Dropbox URL |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | gnupg | < 1.4.6-2ubuntu5.2 | UNKNOWN |
ubuntu | 10.04 | noarch | gnupg | < 1.4.10-2ubuntu1.2 | UNKNOWN |
ubuntu | 11.10 | noarch | gnupg | < 1.4.11-3ubuntu1.11.10.2 | UNKNOWN |
ubuntu | 12.04 | noarch | gnupg | < 1.4.11-3ubuntu2.2 | UNKNOWN |
ubuntu | 12.10 | noarch | gnupg | < 1.4.11-3ubuntu4.1 | UNKNOWN |
ubuntu | 10.04 | noarch | gnupg2 | < 2.0.14-1ubuntu1.5 | UNKNOWN |
ubuntu | 11.10 | noarch | gnupg2 | < 2.0.17-2ubuntu2.11.10.2 | UNKNOWN |
ubuntu | 12.04 | noarch | gnupg2 | < 2.0.17-2ubuntu2.12.04.2 | UNKNOWN |
ubuntu | 12.10 | noarch | gnupg2 | < 2.0.17-2ubuntu3.1 | UNKNOWN |
dl.dropbox.com/u/18852638/gnupg-issues/1455.zip
seclists.org/bugtraq/2012/Dec/151
www.openwall.com/lists/oss-security/2013/01/01/6
launchpad.net/bugs/cve/CVE-2012-6085
nvd.nist.gov/vuln/detail/CVE-2012-6085
security-tracker.debian.org/tracker/CVE-2012-6085
ubuntu.com/security/notices/USN-1682-1
www.cve.org/CVERecord?id=CVE-2012-6085