Unrated severityNVD Advisory· Published May 27, 2003· Updated Apr 16, 2026

CVE-2003-0255

Description

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.

Affected products

GNU/Privacy Guard
cpe:2.3:a:gnu:privacy_guard:*:*:*:*:*:*:*:*
Range: <=1.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.redhat.com/support/errata/RHSA-2003-175.htmlnvdPatchVendor Advisory
www.kb.cert.org/vuls/id/397604nvdUS Government Resource
distro.conectiva.com.br/atualizacoes/nvd
marc.infonvd
marc.infonvd
marc.infonvd
marc.infonvd
www.linuxsecurity.com/advisories/engarde_advisory-3258.htmlnvd
www.linuxsecurity.com/advisories/gentoo_advisory-3266.htmlnvd
www.mandriva.com/security/advisoriesnvd
www.osvdb.org/4947nvd
www.redhat.com/support/errata/RHSA-2003-176.htmlnvd
www.securityfocus.com/bid/7497nvd
www.turbolinux.com/security/TLSA-2003-34.txtnvd
exchange.xforce.ibmcloud.com/vulnerabilities/11930nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000