GNUMail 1.1.2 and previous versions does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users to forge the contents of a message without detection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu gnumail |