GnuPG Key Validation Issues Affecting Multiple User IDs
CVE-2003-0255

Currently unrated

Key Information:

Vendor

Gnu
Status
Privacy Guard
Vendor
CVE Published:
27 May 2003

What is CVE-2003-0255?

The GnuPG key validation mechanism prior to version 1.2.2 is flawed in that it incorrectly assesses the validity of keys associated with multiple user IDs. Instead of analyzing each user ID's trust individually, it defaults to the highest validity level among them. Consequently, this can mislead users during encryption, as they might not receive appropriate warnings when a user ID lacks a trusted path. This oversight could potentially expose sensitive information to unauthorized entities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.turbolinux.com/security/TLSA-2003-34.txt
vendor-advisoryx_refsource_TURBO
http://www.redhat.com/support/errata/RHSA-2003-175.html
vendor-advisoryx_refsource_REDHAT
http://www.osvdb.org/4947
vdb-entryx_refsource_OSVDB

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.