Detections
Analytics

CVE-2022-34903

medium

Description

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

References

https://www.debian.org/security/2022/dsa-5174

https://security.netapp.com/advisory/ntap-20220826-0005/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/

https://bugs.debian.org/1014157

https://www.openwall.com/lists/oss-security/2022/06/30/1

https://dev.gnupg.org/T6027

http://www.openwall.com/lists/oss-security/2022/07/02/1

Details

Source: Mitre, NVD

Published: 2022-07-01

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.01022

OSZAR »