CVE-2012-6085

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-01-24 01:55

Updated : 2024-02-28 12:00


NVD link : CVE-2012-6085

Mitre link : CVE-2012-6085

CVE.ORG link : CVE-2012-6085


JSON object : View

Products Affected

gnupg

  • gnupg
CWE
CWE-20

Improper Input Validation