Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2012-6085
Last Modified: 03 Jan 2014 11:43:15
Published: 23 Jan 2013 08:55:03
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-6085

Summary

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.

Vulnerable Systems

Application

  • Gnupg 1.4.0

  • Gnupg 1.4.10

  • Gnupg 1.4.11

  • Gnupg 1.4.12

  • Gnupg 1.4.2

  • Gnupg 1.4.3

  • Gnupg 1.4.4

  • Gnupg 1.4.5

  • Gnupg 1.4.8

  • Gnupg 2.0

  • Gnupg 2.0.1

  • Gnupg 2.0.10

  • Gnupg 2.0.11

  • Gnupg 2.0.12

  • Gnupg 2.0.13

  • Gnupg 2.0.14

  • Gnupg 2.0.15

  • Gnupg 2.0.16

  • Gnupg 2.0.17

  • Gnupg 2.0.18

  • Gnupg 2.0.19

  • Gnupg 2.0.3

  • Gnupg 2.0.4

  • Gnupg 2.0.5

  • Gnupg 2.0.6

  • Gnupg 2.0.7

  • Gnupg 2.0.8


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=891142

CONFIRM - https://bugs.g10code.com/gnupg/issue1455

XF - gnupg-public-keys-code-exec(80990)

UBUNTU - USN-1682-1

BID - 57102

MLIST - [oss-security] 20130101 Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption

MANDRIVA - MDVSA-2013:001

FEDORA - FEDORA-2013-0377

FEDORA - FEDORA-2013-0148

CONFIRM - http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=f0b33b6fb8e0586e9584a7a409dcc31263776a67

REDHAT - RHSA-2013:1459


Last Updated: 27 May 2016 11:01:42