VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Oct 10, 2013· Updated Apr 29, 2026

CVE-2013-4351

CVE-2013-4351

Description

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.

Affected products

30
  • Gnupg/Gnupg30 versions
    cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*+ 29 more
    • cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:gnupg:gnupg:2.1.0:beta1:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.