CVE-2006-0455

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command gpg –verify.

Affected Software

Name	Vendor	Start Version	End Version
Privacy_guard	Gnu	1.0 (including)	1.0 (including)
Privacy_guard	Gnu	1.0.1 (including)	1.0.1 (including)
Privacy_guard	Gnu	1.0.2 (including)	1.0.2 (including)
Privacy_guard	Gnu	1.0.3 (including)	1.0.3 (including)
Privacy_guard	Gnu	1.0.3b (including)	1.0.3b (including)
Privacy_guard	Gnu	1.0.4 (including)	1.0.4 (including)
Privacy_guard	Gnu	1.0.5 (including)	1.0.5 (including)
Privacy_guard	Gnu	1.0.6 (including)	1.0.6 (including)
Privacy_guard	Gnu	1.0.7 (including)	1.0.7 (including)
Privacy_guard	Gnu	1.2 (including)	1.2 (including)
Privacy_guard	Gnu	1.2.1 (including)	1.2.1 (including)
Privacy_guard	Gnu	1.2.2 (including)	1.2.2 (including)
Privacy_guard	Gnu	1.2.2-rc1 (including)	1.2.2-rc1 (including)
Privacy_guard	Gnu	1.2.3 (including)	1.2.3 (including)
Privacy_guard	Gnu	1.2.4 (including)	1.2.4 (including)
Privacy_guard	Gnu	1.2.5 (including)	1.2.5 (including)
Privacy_guard	Gnu	1.2.6 (including)	1.2.6 (including)
Privacy_guard	Gnu	1.2.7 (including)	1.2.7 (including)
Privacy_guard	Gnu	1.3.3 (including)	1.3.3 (including)
Privacy_guard	Gnu	1.3.4 (including)	1.3.4 (including)
Privacy_guard	Gnu	1.4 (including)	1.4 (including)
Privacy_guard	Gnu	1.4.1 (including)	1.4.1 (including)
Privacy_guard	Gnu	1.4.2 (including)	1.4.2 (including)
Red Hat Enterprise Linux 3	RedHat	gnupg-0:1.2.1-15	*
Red Hat Enterprise Linux 4	RedHat	gnupg-0:1.2.6-3	*
Gnupg	Ubuntu	dapper	*
Gnupg	Ubuntu	devel	*
Gnupg	Ubuntu	edgy	*
Gnupg	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0455
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References