Signature Verification Issue in GnuPG by GnuPG
CVE-2006-0049

Currently unrated

Key Information:

Vendor
Gnu
Vendor
CVE Published:
13 March 2006

Summary

GnuPG, prior to version 1.4.2.2, lacks adequate checks for non-detached signatures, allowing adversaries to inject unauthorized unsigned data. This flaw occurs because the verification process erroneously considers the signature valid due to the improper association between a data packet and a control packet, which may lead to weakened security mechanisms and potential exploitation.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.