Unrated severityNVD Advisory· Published Nov 20, 2019· Updated Aug 6, 2024

CVE-2015-1607

Description

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

GnuPG/GnuPGdescription
Gnupg/Gnupgllm-fuzzy
Range: <1.4.19
osv-coords13 versions
pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3 pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4 pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3 pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3 pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
< 2.0.9-25.33.41.2+ 12 more
- (no CPE)range: < 2.0.9-25.33.41.2
- (no CPE)range: < 2.0.9-25.33.41.2
- (no CPE)range: < 2.0.24-3.2
- (no CPE)range: < 2.0.24-3.2
- (no CPE)range: < 2.0.9-25.33.41.2
- (no CPE)range: < 2.0.9-25.33.41.2
- (no CPE)range: < 2.0.9-25.33.41.2
- (no CPE)range: < 2.0.24-3.2
- (no CPE)range: < 2.0.24-3.2
- (no CPE)range: < 2.0.9-25.33.41.2
- (no CPE)range: < 2.0.9-25.33.41.2
- (no CPE)range: < 2.0.24-3.2
- (no CPE)range: < 2.0.24-3.2

Patches

Vulnerability mechanics

References

git.gnupg.org/cgi-bin/gitweb.cgimitrex_refsource_MISC
www.openwall.com/lists/oss-security/2015/02/13/14mitrex_refsource_MISC
www.openwall.com/lists/oss-security/2015/02/14/6mitrex_refsource_MISC
www.securityfocus.com/bid/72610mitrex_refsource_MISC
www.ubuntu.com/usn/usn-2554-1/mitrex_refsource_MISC
blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.htmlmitrex_refsource_MISC
lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.htmlmitrex_refsource_MISC
lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.htmlmitrex_refsource_MISC
lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000