Improper Signature Verification in GnuPG Affects Multiple Versions
CVE-2006-0455
Currently unrated
Summary
GnuPG's gpgv command, used for determining the validity of digital signatures, can mistakenly return a success status even when no valid signature is present in the detached signature file. This oversight occurs during unattended signature verifications and could mislead applications into treating invalid signatures as verified. Affected users are advised to review their usage of gpgv and ensure they are running a secure version of the software to prevent unauthorized actions based on erroneous verification results.
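One way for a calling application to avoid relying on the exit status alone, shown as an added example that is not part of the original advisory or of GnuPG's own code: require an explicit `VALIDSIG` line from gpgv's `--status-fd` output before treating a file as verified. The function names and the sample status text are constructed for illustration; the status keywords are those of GnuPG's machine-readable status interface.

```python
import subprocess

# Status keywords (GnuPG --status-fd interface) that mean verification did not succeed.
FAILURE_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}


def status_keywords(status_text):
    """Return the keyword of every '[GNUPG:] KEYWORD args...' line, in order."""
    found = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            found.append(parts[1])
    return found


def signature_verified(exit_code, status_text):
    """Accept only when gpgv reported a valid signature, not merely exit 0."""
    keywords = status_keywords(status_text)
    if exit_code != 0:
        return False
    if FAILURE_KEYWORDS.intersection(keywords):
        return False
    # Exit 0 with no VALIDSIG line is the case described above: nothing was checked.
    return "VALIDSIG" in keywords


def verify_detached(keyring, sig_path, data_path):
    """Run gpgv on a detached signature (hypothetical helper; paths are caller-supplied)."""
    proc = subprocess.run(
        ["gpgv", "--status-fd", "1", "--keyring", keyring, sig_path, data_path],
        capture_output=True, text=True, check=False,
    )
    return signature_verified(proc.returncode, proc.stdout)


# Constructed sample status output (not captured from a real gpgv run).
SAMPLE_VALID = (
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>\n"
    "[GNUPG:] VALIDSIG " + "0" * 40 + " 2006-02-15 1139961600\n"
)
SAMPLE_NO_SIGNATURE = ""  # exit status 0, but no signature was processed
SAMPLE_BAD = "[GNUPG:] BADSIG 0123456789ABCDEF Example Signer <signer@example.org>\n"

if __name__ == "__main__":
    for name, text in [("valid", SAMPLE_VALID), ("none", SAMPLE_NO_SIGNATURE), ("bad", SAMPLE_BAD)]:
        print(name, signature_verified(0, text))
```

The check is deliberately strict: any failure keyword rejects the file even if another signature in the same run was valid.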