Filtered by vendor Gnupg Subscriptions
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-40528 2 Gnupg, Redhat 2 Libgcrypt, Enterprise Linux 2024-08-04 5.9 Medium
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
CVE-2021-33560 5 Debian, Fedoraproject, Gnupg and 2 more 9 Debian Linux, Fedora, Libgcrypt and 6 more 2024-08-03 7.5 High
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
CVE-2021-3345 2 Gnupg, Oracle 2 Libgcrypt, Communications Billing And Revenue Management 2024-08-03 7.8 High
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
CVE-2022-47629 3 Debian, Gnupg, Redhat 9 Debian Linux, Libksba, Enterprise Linux and 6 more 2024-08-03 9.8 Critical
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
CVE-2022-34903 5 Debian, Fedoraproject, Gnupg and 2 more 6 Debian Linux, Fedora, Gnupg and 3 more 2024-08-03 6.5 Medium
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
CVE-2022-3515 3 Gnupg, Gpg4win, Redhat 10 Gnupg, Libksba, Vs-desktop and 7 more 2024-08-03 9.8 Critical
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
CVE-2022-3219 1 Gnupg 1 Gnupg 2024-08-03 3.3 Low
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.