CVE Vulnerabilities

CVE-2003-0971

Published: Dec 15, 2003 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.

Affected Software

Name Vendor Start Version End Version
Privacy_guard Gnu 1.0.2 1.0.2
Privacy_guard Gnu 1.0.3 1.0.3
Privacy_guard Gnu 1.0.3b 1.0.3b
Privacy_guard Gnu 1.0.4 1.0.4
Privacy_guard Gnu 1.0.5 1.0.5
Privacy_guard Gnu 1.0.6 1.0.6
Privacy_guard Gnu 1.0.7 1.0.7
Privacy_guard Gnu 1.2 1.2
Privacy_guard Gnu 1.2.1 1.2.1
Privacy_guard Gnu 1.2.2 1.2.2
Privacy_guard Gnu 1.2.2 1.2.2
Privacy_guard Gnu 1.2.3 1.2.3
Red Hat Enterprise Linux 3 RedHat gnupg-0:1.2.1-10 *

References