mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-2862-1 | python-gnupg security update |
![]() |
DSA-4222-1 | gnupg2 security update |
![]() |
DSA-4223-1 | gnupg1 security update |
![]() |
DSA-4224-1 | gnupg security update |
![]() |
EUVD-2018-4011 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. |
![]() |
USN-3675-1 | GnuPG vulnerabilities |
![]() |
USN-3675-2 | GnuPG 2 vulnerability |
![]() |
USN-3675-3 | GnuPG vulnerability |
![]() |
USN-3964-1 | python-gnupg vulnerabilities |
![]() |
USN-4839-1 | python-gnupg vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T08:24:03.773Z
Reserved: 2018-06-07T00:00:00
Link: CVE-2018-12020

No data.

Status : Modified
Published: 2018-06-08T21:29:00.237
Modified: 2024-11-21T03:44:25.510
Link: CVE-2018-12020


No data.