Format String Vulnerability in GnuPG Client Affects Key Retrieval Process
CVE-2003-0978

Currently unrated

Key Information:

Vendor: Gnu
Status: Privacy Guard
Vendor: CVE Published:; 5 January 2004

Summary

The GnuPG client, specifically the gpgkeys_hkp interface, contains a format string vulnerability that could be exploited by remote attackers or malicious keyservers. This flaw allows attackers to induce a denial of service, potentially crashing the service during key retrieval. Furthermore, in certain circumstances, it may allow for the execution of arbitrary code, endangering system integrity and confidentiality. Users of GnuPG versions 1.2.3 and earlier, as well as 1.3.3 and earlier, are particularly at risk.

References

http://www.s-quadra.com/advisories/Adv-20031203.txt

x_refsource_MISC

http://www.novell.com/linux/security/advisories/2003_048_...

vendor-advisoryx_refsource_SUSE

http://marc.info/?l=bugtraq&m=107047470625214&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jan 5, 2004
Vulnerability Reserved
Dec 9, 2003