Known Vulnerabilities for products from Gnupg
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Gnupg".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-40528 | The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two crypto... | 5.9 - MEDIUM | 2021-09-06 | 2023-11-07 |
| CVE-2021-33560 | Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a s... | 7.5 - HIGH | 2021-06-08 | 2023-11-07 |
| CVE-2021-3345 | _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest fina... | 7.8 - HIGH | 2021-01-29 | 2023-11-07 |
| CVE-2020-25125 | GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, ... | 7.8 - HIGH | 2020-09-03 | 2020-09-11 |
| CVE-2020-8945 | The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image... | 7.5 - HIGH | 2020-02-12 | 2023-11-07 |
| CVE-2019-14855 | A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker... | 7.5 - HIGH | 2020-03-20 | 2022-11-08 |
| CVE-2019-13050 | Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it ris... | 7.5 - HIGH | 2019-06-29 | 2023-11-07 |
| CVE-2019-12904 | ** DISPUTED ** In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack becaus... | 5.9 - MEDIUM | 2019-06-20 | 2023-11-07 |
| CVE-2018-1000858 | GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacke... | 8.8 - HIGH | 2018-12-20 | 2019-02-13 |
| CVE-2018-12020 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows re... | 7.5 - HIGH | 2018-06-08 | 2022-04-18 |
| CVE-2018-9234 | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, whi... | 7.5 - HIGH | 2018-04-04 | 2019-02-27 |
| CVE-2018-6829 | cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which all... | 7.5 - HIGH | 2018-02-07 | 2020-01-15 |
| CVE-2018-0495 | Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be miti... | 4.7 - MEDIUM | 2018-06-13 | 2023-11-07 |
| CVE-2017-9526 | In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing pro... | 5.9 - MEDIUM | 2017-06-11 | 2023-11-07 |
| CVE-2017-7526 | libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while... | 6.8 - MEDIUM | 2018-07-26 | 2023-11-07 |
| CVE-2017-0379 | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to dis... | 7.5 - HIGH | 2017-08-29 | 2023-11-07 |
| CVE-2016-6313 | The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and... | 5.3 - MEDIUM | 2016-12-13 | 2023-11-07 |
| CVE-2016-4579 | Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vect... | 7.5 - HIGH | 2016-06-13 | 2023-11-07 |
| CVE-2016-4574 | Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers t... | 7.5 - HIGH | 2016-06-13 | 2023-11-07 |
| CVE-2016-4356 | The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of ... | 7.5 - HIGH | 2016-06-13 | 2023-11-07 |
Known software with vulnerabilities from Gnupg
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Gnupg | Gnupg | 0.0.0 |
| Application | Gnupg | Gpgee | 1.2.0 |
| Application | Gnupg | Gpgme | 0.0.0 |
| Application | Gnupg | Libgcrypt | 0.1.0 |
| Application | Gnupg | Libgpg-error | 0.1 |