Denial of Service Vulnerability in GnuPG by GnuPG Development Team
CVE-2022-3219

3.3 LOW

Key Information:

Vendor

GnuPG

Status
Vendor
CVE Published:
23 February 2023

What is CVE-2022-3219?

A denial of service vulnerability exists in GnuPG: specially crafted public keys can force the application into a non-terminating loop. Such a key can carry thousands of signatures yet compress to a small size, so a small input leads to significant resource consumption. An attacker can exploit this flaw to make the application unresponsive, which puts systems that rely on GnuPG for cryptographic functions at risk.

Affected Version(s)

gnupg gnupg2

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved