CVE-2015-1607

Published: 20/11/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

kbx/keybox-search.c in GnuPG prior to 1.4.19, 2.0.x prior to 2.0.27, and 2.1.x prior to 2.1.2 does not properly handle bitwise left-shifts, which allows remote malicious users to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."

Vulnerable Product

gnupg gnupg

canonical ubuntu linux 12.04

canonical ubuntu linux 14.10

canonical ubuntu linux 14.04

canonical ubuntu linux 10.04

Vendor Advisories

Debian Bug report logs - #778577: CVE-2015-1606 CVE-2015-1607 -- multiple issues found in GnuPG. Package: gnupg2; Maintainer for gnupg2 is Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>; Source for gnupg2 is src:gnupg2. Reported by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> D ...
Several security issues were fixed in GnuPG ...