Unrated severityNVD Advisory· Published Jun 25, 2014· Updated May 6, 2026
CVE-2014-4617
CVE-2014-4617
Description
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
Affected products
64cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*+ 60 more
- cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*range: <=1.4.16
- cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.htmlnvdMailing ListVendor Advisory
- lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.htmlnvdMailing ListVendor Advisory
- lists.opensuse.org/opensuse-updates/2014-07/msg00010.htmlnvdThird Party Advisory
- www.debian.org/security/2014/dsa-2968nvdThird Party Advisory
- secunia.com/advisories/59213nvd
- secunia.com/advisories/59351nvd
- secunia.com/advisories/59534nvd
- secunia.com/advisories/59578nvd
- www.debian.org/security/2014/dsa-2967nvd
- www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlnvd
- www.ubuntu.com/usn/USN-2258-1nvd
News mentions
0No linked articles in our index yet.