Signature Verification Flaw in GnuPG Affects Document Integrity
CVE-2000-0974

Currently unrated

Key Information:

Vendor
Gnu
Vendor
CVE Published:
19 December 2000

Summary

GnuPG version 1.0.3 contains a vulnerability that fails to properly verify all signatures within files that consist of multiple documents. This oversight enables an attacker to modify the content of all documents, except for the first one, without it being detected. As a result, trust in the document's integrity can be compromised, posing significant risks to users who rely on GnuPG for secure communications.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.