Known Vulnerabilities for products from Gnupg
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Gnupg".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-47629 | Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. | 9.8 - CRITICAL | 2022-12-20 | 2023-11-07 |
| CVE-2022-34903 | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and... | 6.5 - MEDIUM | 2022-07-01 | 2023-11-07 |
| CVE-2022-3515 | A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be e... | 9.8 - CRITICAL | 2023-01-12 | 2023-07-06 |
| CVE-2022-3219 | GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures att... | 3.3 - LOW | 2023-02-23 | 2023-05-26 |
| CVE-2021-40528 | The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two crypto... | 5.9 - MEDIUM | 2021-09-06 | 2023-11-07 |
| CVE-2021-33560 | Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a s... | 7.5 - HIGH | 2021-06-08 | 2023-11-07 |
| CVE-2021-3345 | _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest fina... | 7.8 - HIGH | 2021-01-29 | 2023-11-07 |
| CVE-2020-25125 | GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, ... | 7.8 - HIGH | 2020-09-03 | 2020-09-11 |
| CVE-2020-8945 | The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image... | 7.5 - HIGH | 2020-02-12 | 2023-11-07 |
| CVE-2019-14855 | A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker... | 7.5 - HIGH | 2020-03-20 | 2022-11-08 |
| CVE-2019-13050 | Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it ris... | 7.5 - HIGH | 2019-06-29 | 2023-11-07 |
| CVE-2019-12904 | ** DISPUTED ** In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack becaus... | 5.9 - MEDIUM | 2019-06-20 | 2023-11-07 |
| CVE-2018-1000858 | GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacke... | 8.8 - HIGH | 2018-12-20 | 2019-02-13 |
| CVE-2018-12020 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows re... | 7.5 - HIGH | 2018-06-08 | 2022-04-18 |
| CVE-2018-9234 | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, whi... | 7.5 - HIGH | 2018-04-04 | 2019-02-27 |
| CVE-2018-6829 | cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which all... | 7.5 - HIGH | 2018-02-07 | 2020-01-15 |
| CVE-2018-0495 | Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be miti... | 4.7 - MEDIUM | 2018-06-13 | 2023-11-07 |
| CVE-2017-9526 | In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing pro... | 5.9 - MEDIUM | 2017-06-11 | 2023-11-07 |
| CVE-2017-7526 | libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting in a complete break of RSA-1024 while... | 6.8 - MEDIUM | 2018-07-26 | 2023-11-07 |
| CVE-2017-0379 | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to dis... | 7.5 - HIGH | 2017-08-29 | 2023-11-07 |
Known software with vulnerabilities from Gnupg
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Gnupg | Gnupg | 0.0.0 |
| Application | Gnupg | Gpgee | 1.2.0 |
| Application | Gnupg | Gpgme | 0.0.0 |
| Application | Gnupg | Libgcrypt | 0.1.0 |
| Application | Gnupg | Libgpg-error | 0.1 |