CVE-2015-1606

Published: 20/11/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The keyring DB in GnuPG prior to 2.1.2 does not properly handle invalid packets, which allows remote malicious users to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.

Vulnerable Product

gnupg gnupg

debian debian linux 8.0

debian debian linux 7.0

Vendor Advisories

Several security issues were fixed in GnuPG ...
Debian Bug report logs - #778577 CVE-2015-1606 CVE-2015-1607 -- multiple issues found in GnuPG. Package: gnupg2; Maintainer for gnupg2 is Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>; Source for gnupg2 is src:gnupg2. Reported by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> D ...
Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591: The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on Elgamal decryption p ...
It was reported (blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html) that gnupg2 keyring DB code did not reject packets which don't belong into a keyring, which may lead to invalid read of sizeof (int) ...