High severity · GHSA Advisory · Published Mar 17, 2019 · Updated Aug 4, 2024
CVE-2019-6690
Description
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg into decrypting ciphertext other than the one intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| python-gnupg (PyPI) | < 0.4.4 | 0.4.4 |
Affected products (4)
- ghsa-coords (3 versions), range: < 0.4.4 (+ 2 more)
  - pkg:pypi/python-gnupg
  - pkg:rpm/opensuse/python-python-gnupg&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/python-python-gnupg&distro=SUSE%20Package%20Hub%2015
- (no CPE) range: < 0.4.4
- (no CPE) range: < 0.5.2-1.5
- (no CPE) range: < 0.4.4-bp150.2.3.1
References (21)
- lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html (ghsa, vendor-advisory, x_refsource_SUSE, WEB)
- lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html (ghsa, vendor-advisory, x_refsource_SUSE, WEB)
- github.com/advisories/GHSA-2fch-jvg5-crf6 (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/ (mitre, vendor-advisory, x_refsource_FEDORA)
- nvd.nist.gov/vuln/detail/CVE-2019-6690 (ghsa, ADVISORY)
- usn.ubuntu.com/3964-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html (ghsa, x_refsource_MISC, WEB)
- www.securityfocus.com/bid/106756 (mitre, vdb-entry, x_refsource_BID)
- blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability (ghsa, WEB)
- blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/ (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2019/02/msg00021.html (ghsa, mailing-list, x_refsource_MLIST, WEB)
- lists.debian.org/debian-lts-announce/2021/12/msg00027.html (ghsa, mailing-list, x_refsource_MLIST, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47 (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25 (ghsa, WEB)
- pypi.org/project/python-gnupg/ (ghsa, x_refsource_MISC, WEB)
- seclists.org/bugtraq/2019/Jan/41 (ghsa, mailing-list, x_refsource_BUGTRAQ, WEB)
- usn.ubuntu.com/3964-1 (ghsa, WEB)
- web.archive.org/web/20200227091727/http://www.securityfocus.com/bid/106756 (ghsa, WEB)