GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victims keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gnupg | Gnupg | * | 2.3.6 (including) |
| Red Hat Enterprise Linux 8 | RedHat | gnupg2-0:2.2.20-3.el8_6 | * |
| Red Hat Enterprise Linux 9 | RedHat | gnupg2-0:2.3.3-2.el9_0 | * |
| Red Hat Enterprise Linux 9 | RedHat | gnupg2-0:2.3.3-2.el9_0 | * |
| Gnupg | Ubuntu | esm-infra/xenial | * |
| Gnupg | Ubuntu | trusty/esm | * |
| Gnupg | Ubuntu | upstream | * |
| Gnupg2 | Ubuntu | bionic | * |
| Gnupg2 | Ubuntu | devel | * |
| Gnupg2 | Ubuntu | esm-infra/xenial | * |
| Gnupg2 | Ubuntu | focal | * |
| Gnupg2 | Ubuntu | impish | * |
| Gnupg2 | Ubuntu | jammy | * |
| Gnupg2 | Ubuntu | upstream | * |