Signature Verification Flaw in GnuPG Affects Document Integrity
CVE-2000-0974

Currently unrated

Key Information:

Vendor: Gnu
Status: Privacy Guard
Vendor: CVE Published:; 19 December 2000

What is CVE-2000-0974?

GnuPG version 1.0.3 contains a vulnerability that fails to properly verify all signatures within files that consist of multiple documents. This oversight enables an attacker to modify the content of all documents, except for the first one, without it being detected. As a result, trust in the document's integrity can be compromised, posing significant risks to users who rely on GnuPG for secure communications.

References

http://archives.neohapsis.com/archives/bugtraq/2000-10/02...

mailing-listx_refsource_BUGTRAQ

http://archives.neohapsis.com/archives/bugtraq/2000-10/03...

mailing-listx_refsource_BUGTRAQ

http://www.debian.org/security/2000/20001111

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2000
Vulnerability Reserved
Nov 24, 2000