Unrated severityNVD Advisory· Published Mar 20, 2020· Updated Aug 5, 2024
CVE-2019-14855
CVE-2019-14855
Description
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
29- osv-coords27 versionspkg:apk/chainguard/gnupgpkg:apk/chainguard/gnupg-dirmngrpkg:apk/chainguard/gnupg-docpkg:apk/chainguard/gnupg-gpgconfpkg:apk/chainguard/gnupg-langpkg:apk/chainguard/gnupg-scdaemonpkg:apk/chainguard/gnupg-utilspkg:apk/chainguard/gnupg-wks-clientpkg:apk/chainguard/gpgpkg:apk/chainguard/gpg-agentpkg:apk/chainguard/gpgsmpkg:apk/chainguard/gpgvpkg:apk/chainguard/gpg-wks-serverpkg:apk/wolfi/gnupgpkg:apk/wolfi/gnupg-dirmngrpkg:apk/wolfi/gnupg-docpkg:apk/wolfi/gnupg-gpgconfpkg:apk/wolfi/gnupg-langpkg:apk/wolfi/gnupg-scdaemonpkg:apk/wolfi/gnupg-utilspkg:apk/wolfi/gnupg-wks-clientpkg:apk/wolfi/gpgpkg:apk/wolfi/gpg-agentpkg:apk/wolfi/gpgsmpkg:apk/wolfi/gpgvpkg:apk/wolfi/gpg-wks-serverpkg:rpm/opensuse/gpg2&distro=openSUSE%20Tumbleweed
< 0+ 26 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 2.2.27-2.4
- Red Hat/gnupg2v5Range: 2.2.18
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.