Improper Signature Verification in GnuPG Affects Multiple Versions
CVE-2006-0455

Currently unrated

Key Information:

Vendor: Gnu
CVE Published: 15 February 2006

Summary

GnuPG's gpgv command, used for determining the validity of digital signatures, can mistakenly return a success status even when no valid signature is present in the detached signature file. This oversight occurs during unattended signature verifications and could mislead applications into treating invalid signatures as verified. Affected users are advised to review their usage of gpgv and ensure they are running a secure version of the software to prevent unauthorized actions based on erroneous verification results.
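
One way for a calling application to avoid relying on the exit status alone is to read gpgv's machine-readable status output (`--status-fd`) and accept only when a `VALIDSIG` line from an expected key is present. The sketch below is an added example, not code from GnuPG or from this advisory; the function names, the fingerprint allow-list and the sample status text are constructed for illustration.

```python
import subprocess

PREFIX = "[GNUPG:] "
# Status keywords that mean the result must not be trusted.
FAILURE = {"BADSIG", "ERRSIG", "NODATA", "EXPSIG", "EXPKEYSIG",
           "REVKEYSIG", "NO_PUBKEY"}

def parse_status(status_text):
    """Return (keyword, args) tuples from gpgv --status-fd output."""
    events = []
    for line in status_text.splitlines():
        if line.startswith(PREFIX):
            parts = line[len(PREFIX):].split()
            if parts:
                events.append((parts[0], parts[1:]))
    return events

def signature_is_valid(exit_code, status_text, trusted_fprs):
    """Accept only on positive evidence: exit 0, no failure keyword,
    and at least one VALIDSIG, all from allow-listed fingerprints."""
    events = parse_status(status_text)
    if exit_code != 0:
        return False
    if any(keyword in FAILURE for keyword, _ in events):
        return False
    # First VALIDSIG argument is the fingerprint of the signing key.
    fprs = [args[0].upper() for keyword, args in events
            if keyword == "VALIDSIG" and args]
    # An empty list is the case this CVE describes: exit 0, no signature.
    return bool(fprs) and all(f in trusted_fprs for f in fprs)

def verify_detached(keyring, sig_path, data_path, trusted_fprs):
    """Run gpgv on a detached signature; paths are supplied by the caller."""
    proc = subprocess.run(
        ["gpgv", "--status-fd", "1", "--keyring", keyring, sig_path, data_path],
        capture_output=True, text=True)
    return signature_is_valid(proc.returncode, proc.stdout, trusted_fprs)

# Constructed sample data (not real keys or real gpgv captures).
FPR = "A" * 40
GOOD_STATUS = (
    "[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Example Signer\n"
    f"[GNUPG:] VALIDSIG {FPR} 2006-02-15 1140000000 0 4 0 17 2 00 {FPR}\n")
EMPTY_STATUS = ""  # exit status 0 but no signature was processed
BAD_STATUS = "[GNUPG:] BADSIG AAAAAAAAAAAAAAAA Example Signer\n"
```
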

Timeline

  • Vulnerability published

  • Vulnerability Reserved
