A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGnupg
APPGnupg2.1.0 – 2.2.41 (bez)2.3.0 – 2.4.0 (bez)Gnupg Libksba
APPGnupg< 1.6.3Gnupg Vs Desktop
APPGnupg3.1.16 – 3.1.26 (bez)Gpg4win
APPGpg4Win2.0.0 – 4.1.0 (bez)
Powiązane podatności
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT co...
In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key...
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intend...
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified...