rpm package
suse/gpg2&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1607 | — |  |  | < 2.0.9-25.33.41.2 | 2.0.9-25.33.41.2 | Nov 20, 2019 | kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "me |
| CVE-2015-1606 | — |  |  | < 2.0.9-25.33.41.2 | 2.0.9-25.33.41.2 | Nov 20, 2019 | The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file. |
| CVE-2018-12020 | — |  |  | < 2.0.9-25.33.42.3.1 | 2.0.9-25.33.42.3.1 | Jun 8, 2018 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP da |