Published: 25/10/2014 Updated: 27/10/2014

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent malicious users to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

Vulnerable Product	Search on Vulmon	Subscribe to Product
python-gnupg project python-gnupg

Debian Bug report logs - #738509 python-gnupg: CVE-2013-7323 CVE-2014-1927 CVE-2014-1928 CVE-2014-1929 Package: src:python-gnupg; Maintainer for src:python-gnupg is Elena Grandi <valhalla@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 10 Feb 2014 05:33:01 UTC Severity: grave Tags: secur ...

CWE-20 http://www.debian.org/security/2014/dsa-2946 https://code.google.com/p/python-gnupg/issues/detail?id=98 http://secunia.com/advisories/56616 http://secunia.com/advisories/59031 http://seclists.org/oss-sec/2014/q1/294 https://code.google.com/p/python-gnupg/http://seclists.org/oss-sec/2014/q1/246 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738509 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-1928

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect