Signature Verification Flaw in GnuPG Affects Document Integrity
CVE-2000-0974
Currently unrated
Summary
GnuPG version 1.0.3 contains a vulnerability that fails to properly verify all signatures within files that consist of multiple documents. This oversight enables an attacker to modify the content of all documents, except for the first one, without it being detected. As a result, trust in the document's integrity can be compromised, posing significant risks to users who rely on GnuPG for secure communications.
References
Timeline
Vulnerability published
Vulnerability Reserved