{"api_version":"1","generated_at":"2026-04-23T05:05:24+00:00","cve":"CVE-2019-6690","urls":{"html":"https://cve.report/CVE-2019-6690","api":"https://cve.report/api/cve/CVE-2019-6690.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-6690","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-6690"},"summary":{"title":"CVE-2019-6690","description":"python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a \"CWE-20: Improper Input Validation\" issue affecting the affect functionality component.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-03-21 16:01:00","updated_at":"2023-11-07 03:13:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/","name":"FEDORA-2020-17fb3273b2","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: python-gnupg-0.4.6-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/","name":"FEDORA-2020-e67d007a67","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: python-gnupg-0.4.6-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/","name":"FEDORA-2019-06f5bbdaf5","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 30 Update: python-gnupg-0.4.4-1.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Jan/41","name":"20190125 CVE-2019-6690: Improper Input Validation in python-gnupg","refsource":"BUGTRAQ","tags":["Exploit","Issue Tracking","Mailing List","Third Party Advisory"],"title":"Bugtraq: CVE-2019-6690: Improper Input Validation in python-gnupg","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html","name":"SU-2019:0143-1","refsource":"SUSE","tags":["Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2019:0143-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/","name":"https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/","refsource":"MISC","tags":["Third Party Advisory"],"title":"CVE-2019-6690: Improper Input Validation in python-gnupg – Hackeriet","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://pypi.org/project/python-gnupg/#history","name":"https://pypi.org/project/python-gnupg/#history","refsource":"MISC","tags":["Product"],"title":"python-gnupg · PyPI","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/","name":"FEDORA-2019-06f5bbdaf5","refsource":"","tags":[],"title":"[SECURITY] Fedora 30 Update: python-gnupg-0.4.4-1.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html","name":"http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"Python GnuPG 0.4.3 Improper Input Validation ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html","name":"SUSE-SU-2019:0239-1","refsource":"SUSE","tags":["Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2019:0239-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/","name":"FEDORA-2020-17fb3273b2","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: python-gnupg-0.4.6-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106756","name":"106756","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html","name":"[SECURITY] [DLA 1675-1] 20190214 python-gnupg security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 1675-1] python-gnupg security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html","name":"[debian-lts-announce] 20211228 [SECURITY] [DLA 2862-1] python-gnupg security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2862-1] python-gnupg security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/","name":"FEDORA-2020-e67d007a67","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 31 Update: python-gnupg-0.4.6-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/3964-1/","name":"USN-3964-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3964-1: python-gnupg vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-6690","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6690","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"19.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"19.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python-gnupg","cpe6":"0.4.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python-gnupg","cpe6":"0.4.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"suse","cpe5":"backports","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"suse","cpe5":"backports","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"suse","cpe5":"linux_enterprise","cpe6":"15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6690","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"suse","cpe5":"linux_enterprise","cpe6":"15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-6690","qid":"178969","title":"Debian Security Update for python-gnupg (DLA 2862-1)"},{"cve":"CVE-2019-6690","qid":"981444","title":"Python (pip) Security Update for python-gnupg (GHSA-2fch-jvg5-crf6)"},{"cve":"CVE-2019-6690","qid":"983462","title":"Python (pip) Security Update for python-gnupg (GHSA-qh62-ch95-63wh)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-6690","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a \"CWE-20: Improper Input Validation\" issue affecting the affect functionality component."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"BID","name":"106756","url":"http://www.securityfocus.com/bid/106756"},{"url":"http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html","refsource":"MISC","name":"http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html"},{"url":"https://pypi.org/project/python-gnupg/#history","refsource":"MISC","name":"https://pypi.org/project/python-gnupg/#history"},{"refsource":"SUSE","name":"SU-2019:0143-1","url":"http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html"},{"refsource":"SUSE","name":"SUSE-SU-2019:0239-1","url":"http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html"},{"refsource":"MLIST","name":"[SECURITY] [DLA 1675-1] 20190214 python-gnupg security update","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html"},{"refsource":"BUGTRAQ","name":"20190125 CVE-2019-6690: Improper Input Validation in python-gnupg","url":"https://seclists.org/bugtraq/2019/Jan/41"},{"refsource":"MISC","name":"https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/","url":"https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/"},{"refsource":"UBUNTU","name":"USN-3964-1","url":"https://usn.ubuntu.com/3964-1/"},{"refsource":"FEDORA","name":"FEDORA-2019-06f5bbdaf5","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/"},{"refsource":"FEDORA","name":"FEDORA-2020-17fb3273b2","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/"},{"refsource":"FEDORA","name":"FEDORA-2020-e67d007a67","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20211228 [SECURITY] [DLA 2862-1] python-gnupg security update","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html"}]}},"nvd":{"publishedDate":"2019-03-21 16:01:00","lastModifiedDate":"2023-11-07 03:13:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python-gnupg:0.4.3:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:suse:backports:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"6690","Ordinal":"144421","Title":"CVE-2019-6690","CVE":"CVE-2019-6690","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"6690","Ordinal":"1","NoteData":"python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a \"CWE-20: Improper Input Validation\" issue affecting the affect functionality component.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"6690","Ordinal":"2","NoteData":"2019-03-17","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"6690","Ordinal":"3","NoteData":"2021-12-28","Type":"Other","Title":"Modified"}]}}}