OpenPGP Message Vulnerability in GnuPG and GPGME by GnuPG
CVE-2007-1263

Currently unrated

Key Information:

Vendor: Gnu
Status: Gpgme; Gnupg
Vendor: CVE Published:; 6 March 2007

Summary

GnuPG versions 1.4.6 and earlier, along with GPGME prior to 1.1.4, are susceptible to a vulnerability that fails to visually separate signed and unsigned sections of OpenPGP messages when executed via the command line. This oversight could enable attackers to manipulate the content of messages undetected, potentially leading to the spread of false or misleading information.

References

https://issues.rpath.com/browse/RPL-1111

x_refsource_CONFIRM

http://www.trustix.org/errata/2007/0009/

vendor-advisoryx_refsource_TRUSTIX

http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm

x_refsource_CONFIRM

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 6, 2007
Vulnerability Reserved
Mar 4, 2007