Signature Verification Issue in GnuPG by GnuPG
CVE-2006-0049
Currently unrated
Summary
GnuPG, prior to version 1.4.2.2, lacks adequate checks for non-detached signatures, allowing adversaries to inject unauthorized unsigned data. This flaw occurs because the verification process erroneously considers the signature valid due to the improper association between a data packet and a control packet, which may lead to weakened security mechanisms and potential exploitation.
References
Timeline
Vulnerability published
Vulnerability Reserved