CVE-2003-0971

Currently unrated

Key Information:

Vendor: Gnu
Status: Privacy Guard
Vendor: CVE Published:; 15 December 2003

Summary

GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.

References

http://www.redhat.com/support/errata/RHSA-2003-395.html

vendor-advisoryx_refsource_REDHAT

ftp://patches.sgi.com/support/free/security/advisories/20...

vendor-advisoryx_refsource_SGI

http://www.novell.com/linux/security/advisories/2003_048_...

vendor-advisoryx_refsource_SUSE

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 15, 2003
Vulnerability Reserved
Dec 1, 2003