Denial of Service Vulnerability in GnuPG Keyring DB
CVE-2015-1606

5.5MEDIUM

Key Information:

Vendor

Gnupg

Status
Gnupg
Vendor
CVE Published:
20 November 2019

What is CVE-2015-1606?

The keyring database in GnuPG versions before 2.1.2 inadequately processes invalid packets. This flaw enables remote attackers to induce a denial of service condition through a specially crafted keyring file, leading to potential invalid read operations or use-after-free vulnerabilities. This could allow an attacker to destabilize the GnuPG service, impacting its availability and function.

References

https://blog.fuzzing-project.org/5-Multiple-issues-in-Gnu...
x_refsource_MISC
http://www.debian.org/security/2015/dsa-3184
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/02/13/14
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.