CVE Vulnerabilities

CVE-2013-4351

Published: Oct 10, 2013 | Modified: Jan 04, 2014
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:N)
RedHat/V2: 2.6 LOW (AV:N/AC:H/Au:N/C:N/I:P/A:N)
RedHat/V3
Ubuntu: LOW

GnuPG 1.4.x, 2.0.x, and 2.1.x treat a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.

Affected Software

| Name | Vendor | Start Version | End Version |
|------|--------|---------------|-------------|
| Gnupg | Gnupg | 1.4.0 (including) | 1.4.0 (including) |
| Gnupg | Gnupg | 1.4.2 (including) | 1.4.2 (including) |
| Gnupg | Gnupg | 1.4.3 (including) | 1.4.3 (including) |
| Gnupg | Gnupg | 1.4.4 (including) | 1.4.4 (including) |
| Gnupg | Gnupg | 1.4.5 (including) | 1.4.5 (including) |
| Gnupg | Gnupg | 1.4.6 (including) | 1.4.6 (including) |
| Gnupg | Gnupg | 1.4.8 (including) | 1.4.8 (including) |
| Gnupg | Gnupg | 1.4.10 (including) | 1.4.10 (including) |
| Gnupg | Gnupg | 1.4.11 (including) | 1.4.11 (including) |
| Gnupg | Gnupg | 1.4.12 (including) | 1.4.12 (including) |
| Gnupg | Gnupg | 1.4.13 (including) | 1.4.13 (including) |
| Red Hat Enterprise Linux 5 | RedHat | gnupg-0:1.4.5-18.el5_10 | * |
| Red Hat Enterprise Linux 5 | RedHat | gnupg2-0:2.0.10-6.el5_10 | * |
| Red Hat Enterprise Linux 6 | RedHat | gnupg2-0:2.0.14-6.el6_4 | * |
| Gnupg | Ubuntu | devel | * |
| Gnupg | Ubuntu | lucid | * |
| Gnupg | Ubuntu | precise | * |
| Gnupg | Ubuntu | quantal | * |
| Gnupg | Ubuntu | raring | * |
| Gnupg2 | Ubuntu | devel | * |
| Gnupg2 | Ubuntu | lucid | * |
| Gnupg2 | Ubuntu | precise | * |
| Gnupg2 | Ubuntu | quantal | * |
| Gnupg2 | Ubuntu | raring | * |

References