GnuPG 1.4.6 and previous versions and GPGME prior to 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote malicious users to forge the contents of a message without detection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnupg gnupg |
||
gnu gpgme |