CVE Vulnerabilities

CVE-2003-0971

Published: Dec 15, 2003 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.

Affected Software

Name Vendor Start Version End Version
Privacy_guard Gnu 1.0.2 (including) 1.0.2 (including)
Privacy_guard Gnu 1.0.3 (including) 1.0.3 (including)
Privacy_guard Gnu 1.0.3b (including) 1.0.3b (including)
Privacy_guard Gnu 1.0.4 (including) 1.0.4 (including)
Privacy_guard Gnu 1.0.5 (including) 1.0.5 (including)
Privacy_guard Gnu 1.0.6 (including) 1.0.6 (including)
Privacy_guard Gnu 1.0.7 (including) 1.0.7 (including)
Privacy_guard Gnu 1.2 (including) 1.2 (including)
Privacy_guard Gnu 1.2.1 (including) 1.2.1 (including)
Privacy_guard Gnu 1.2.2 (including) 1.2.2 (including)
Privacy_guard Gnu 1.2.2-rc1 (including) 1.2.2-rc1 (including)
Privacy_guard Gnu 1.2.3 (including) 1.2.3 (including)
Red Hat Enterprise Linux 3 RedHat gnupg-0:1.2.1-10 *
Red Hat Linux 7.1 RedHat *
Red Hat Linux 7.2 RedHat *
Red Hat Linux 7.3 RedHat *
Red Hat Linux 8.0 RedHat *
Red Hat Linux 9 RedHat *

References