CVE-2007-1263

Currently unrated

Key Information:

Vendor: Gnu
Status: Gpgme; Gnupg
Vendor: CVE Published:; 6 March 2007

Summary

GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

References

https://issues.rpath.com/browse/RPL-1111

x_refsource_CONFIRM

http://www.trustix.org/errata/2007/0009/

vendor-advisoryx_refsource_TRUSTIX

http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm

x_refsource_CONFIRM

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 6, 2007
Vulnerability Reserved
Mar 4, 2007