Vulnerabilities > Gnupg > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-08 CVE-2021-33560 Information Exposure Through Discrepancy vulnerability in multiple products
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately.
network
low complexity
gnupg debian fedoraproject oracle CWE-203
7.5
2021-01-29 CVE-2021-3345 Out-of-bounds Write vulnerability in multiple products
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value.
local
low complexity
gnupg oracle CWE-787
7.8
2020-03-20 CVE-2019-14855 Inadequate Encryption Strength vulnerability in multiple products
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm.
network
low complexity
gnupg fedoraproject canonical CWE-326
7.5
2019-06-29 CVE-2019-13050 Improper Certificate Validation vulnerability in multiple products
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network.
7.5
2017-08-29 CVE-2017-0379 Information Exposure vulnerability in multiple products
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
network
low complexity
gnupg debian CWE-200
7.5
2016-06-13 CVE-2016-4579 Improper Input Validation vulnerability in multiple products
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
network
low complexity
gnupg opensuse canonical CWE-20
7.5
2016-06-13 CVE-2016-4574 Numeric Errors vulnerability in multiple products
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data.
network
low complexity
gnupg canonical opensuse CWE-189
7.5
2016-06-13 CVE-2016-4356 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.
network
low complexity
gnupg canonical CWE-119
7.5
2016-06-13 CVE-2016-4355 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
network
low complexity
gnupg canonical CWE-119
7.5
2016-06-13 CVE-2016-4354 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
network
low complexity
canonical gnupg CWE-119
7.5