Signature Verification Flaw in GnuPG Affects File Integrity
CVE-2001-0071

Currently unrated

Key Information:

Vendor: Gnu
Status: Privacy Guard
Vendor: CVE Published:; 12 February 2001

Summary

The vulnerability in GnuPG versions, including 1.0.4, arises from insufficient verification of detached signatures. This lapse allows attackers to alter file contents undetected, potentially leading to unauthorized actions or data breaches. Users relying on GnuPG for secure file handling should ensure they are using the latest patched versions to mitigate this risk.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio...

vendor-advisoryx_refsource_CONECTIVA

http://www.debian.org/security/2000/20001225b

vendor-advisoryx_refsource_DEBIAN

http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-...

vendor-advisoryx_refsource_MANDRAKE

Timeline

Vulnerability published
Feb 12, 2001
Vulnerability Reserved
Feb 1, 2001