Vulnerabilities > Gnupg

DATE CVE VULNERABILITY TITLE RISK
2023-02-23 CVE-2022-3219 Out-of-bounds Write vulnerability in Gnupg
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
local
low complexity
gnupg CWE-787
3.3
2023-01-12 CVE-2022-3515 A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser.
network
low complexity
gnupg gpg4win
critical
9.8
2022-12-20 CVE-2022-47629 Integer Overflow or Wraparound vulnerability in multiple products
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
network
low complexity
gnupg debian CWE-190
critical
9.8
2022-07-01 CVE-2022-34903 Injection vulnerability in multiple products
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
network
high complexity
gnupg fedoraproject debian netapp CWE-74
6.5
2021-09-06 CVE-2021-40528 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gnupg Libgcrypt
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
gnupg CWE-327
5.9
2021-06-08 CVE-2021-33560 Information Exposure Through Discrepancy vulnerability in multiple products
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately.
network
low complexity
gnupg debian fedoraproject oracle CWE-203
7.5
2021-01-29 CVE-2021-3345 Out-of-bounds Write vulnerability in multiple products
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value.
local
low complexity
gnupg oracle CWE-787
7.8
2020-09-03 CVE-2020-25125 Classic Buffer Overflow vulnerability in multiple products
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences.
local
low complexity
gnupg gpg4win CWE-120
7.8
2020-03-20 CVE-2019-14855 Inadequate Encryption Strength vulnerability in multiple products
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm.
network
low complexity
gnupg fedoraproject canonical CWE-326
7.5
2019-11-29 CVE-2015-0837 Information Exposure Through Discrepancy vulnerability in multiple products
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
network
high complexity
gnupg debian CWE-203
5.9