Unrated severityNVD Advisory· Published Jul 1, 2022· Updated Aug 3, 2024
CVE-2022-34903
CVE-2022-34903
Description
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
65- osv-coords63 versionspkg:apk/chainguard/gnupgpkg:apk/chainguard/gnupg-dirmngrpkg:apk/chainguard/gnupg-docpkg:apk/chainguard/gnupg-gpgconfpkg:apk/chainguard/gnupg-langpkg:apk/chainguard/gnupg-scdaemonpkg:apk/chainguard/gnupg-utilspkg:apk/chainguard/gnupg-wks-clientpkg:apk/chainguard/gpgpkg:apk/chainguard/gpg-agentpkg:apk/chainguard/gpgsmpkg:apk/chainguard/gpgvpkg:apk/chainguard/gpg-wks-serverpkg:apk/wolfi/gnupgpkg:apk/wolfi/gnupg-dirmngrpkg:apk/wolfi/gnupg-docpkg:apk/wolfi/gnupg-gpgconfpkg:apk/wolfi/gnupg-langpkg:apk/wolfi/gnupg-scdaemonpkg:apk/wolfi/gnupg-utilspkg:apk/wolfi/gnupg-wks-clientpkg:apk/wolfi/gpgpkg:apk/wolfi/gpg-agentpkg:apk/wolfi/gpgsmpkg:apk/wolfi/gpgvpkg:apk/wolfi/gpg-wks-serverpkg:rpm/almalinux/gnupg2pkg:rpm/almalinux/gnupg2-smimepkg:rpm/opensuse/gpg2&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/gpg2&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/gpg2&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/gpg2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/gpg2&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/gpg2&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/gpg2&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/gpg2&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/gpg2&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/gpg2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/gpg2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 0+ 62 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 2.2.20-3.el8_6
- (no CPE)range: < 2.2.20-3.el8_6
- (no CPE)range: < 2.2.27-150300.3.5.1
- (no CPE)range: < 2.2.27-150300.3.5.1
- (no CPE)range: < 2.2.27-150300.3.5.1
- (no CPE)range: < 2.3.7-1.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.27-150300.3.5.1
- (no CPE)range: < 2.2.27-150300.3.5.1
- (no CPE)range: < 2.2.27-150300.3.5.1
- (no CPE)range: < 2.2.27-150300.3.5.1
- (no CPE)range: < 2.0.24-9.11.1
- (no CPE)range: < 2.0.24-9.11.1
- (no CPE)range: < 2.0.24-9.11.1
- (no CPE)range: < 2.0.24-9.11.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.0.24-9.11.1
- (no CPE)range: < 2.0.24-9.11.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.2.5-150000.4.22.1
- (no CPE)range: < 2.0.24-9.11.1
- (no CPE)range: < 2.0.24-9.11.1
Patches
Vulnerability mechanics
References
10- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/mitrevendor-advisoryx_refsource_FEDORA
- www.debian.org/security/2022/dsa-5174mitrevendor-advisoryx_refsource_DEBIAN
- www.openwall.com/lists/oss-security/2022/07/02/1mitremailing-listx_refsource_MLIST
- bugs.debian.org/1014157mitrex_refsource_MISC
- dev.gnupg.org/T6027mitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20220826-0005/mitrex_refsource_CONFIRM
- www.openwall.com/lists/oss-security/2022/06/30/1mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.