GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Privacy_guard | Gnu | 1.0.2 (including) | 1.0.2 (including) |
| Privacy_guard | Gnu | 1.0.3 (including) | 1.0.3 (including) |
| Privacy_guard | Gnu | 1.0.3b (including) | 1.0.3b (including) |
| Privacy_guard | Gnu | 1.0.4 (including) | 1.0.4 (including) |
| Privacy_guard | Gnu | 1.0.5 (including) | 1.0.5 (including) |
| Privacy_guard | Gnu | 1.0.6 (including) | 1.0.6 (including) |
| Privacy_guard | Gnu | 1.0.7 (including) | 1.0.7 (including) |
| Privacy_guard | Gnu | 1.2 (including) | 1.2 (including) |
| Privacy_guard | Gnu | 1.2.1 (including) | 1.2.1 (including) |
| Privacy_guard | Gnu | 1.2.2 (including) | 1.2.2 (including) |
| Privacy_guard | Gnu | 1.2.2-rc1 (including) | 1.2.2-rc1 (including) |
| Privacy_guard | Gnu | 1.2.3 (including) | 1.2.3 (including) |
| Red Hat Enterprise Linux 3 | RedHat | gnupg-0:1.2.1-10 | * |
| Red Hat Linux 7.1 | RedHat | * | |
| Red Hat Linux 7.2 | RedHat | * | |
| Red Hat Linux 7.3 | RedHat | * | |
| Red Hat Linux 8.0 | RedHat | * | |
| Red Hat Linux 9 | RedHat | * |