ElGamal Key Component Flaw in GnuPG Signing and Encryption
CVE-2003-0971

Currently unrated

Key Information:

Vendor: Gnu
Status: Privacy Guard
Vendor: CVE Published:; 15 December 2003

What is CVE-2003-0971?

GnuPG versions 1.0.2 through 1.2.3 exhibit a serious cryptographic flaw in how ElGamal type 20 keys are generated. The encryption and signing processes utilize the same key component, which creates a significant security risk. This vulnerability could allow malicious actors to derive the private key from a signature, enabling unauthorized decryption and further compromising user data and communications.

References

http://www.redhat.com/support/errata/RHSA-2003-395.html

vendor-advisoryx_refsource_REDHAT

ftp://patches.sgi.com/support/free/security/advisories/20...

vendor-advisoryx_refsource_SGI

http://www.novell.com/linux/security/advisories/2003_048_...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2003
Vulnerability Reserved
Dec 1, 2003

JSON