CVE-2015-1606

Published: 20/11/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The keyring DB in GnuPG prior to 2.1.2 does not properly handle invalid packets, which allows remote malicious users to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.

Vulnerable Product

gnupg gnupg

debian debian linux 8.0

debian debian linux 7.0

Vendor Advisories

Debian Bug report logs - #778577: CVE-2015-1606 CVE-2015-1607 -- multiple issues found in GnuPG. Package: gnupg2; Maintainer for gnupg2 is Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>; Source for gnupg2 is src:gnupg2. Reported by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> D ...
Several security issues were fixed in GnuPG ...
Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591: The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on Elgamal decryption p ...
It was reported (blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html) that gnupg2 keyring DB code did not reject packets which do not belong in a keyring, which may lead to an invalid read of sizeof (int) ...